S3 Encryption Flashcards
Match each of these to the definition:
______ = object level keys, master key rotation
______ = use envelope to retrieve private keys, keys under customer control
______ = customer managed keys given to S3 to encrypt/decrypt objects
______ = encrypt/decrypt handled at client end, S3 sees only encrypted objects
______ = SSL/TLS is turned on for objects by default
- Client Side Encryption
- In-Transit
- SSE-S3 - S3 Managed Keys
- SSE-C
- SSE-KMS
SSE-S3 - S3 Managed Keys = object level keys, master key rotation
SSE-KMS = use envelope to retrieve private keys, keys under customer control
SSE-C = customer managed keys given to S3 to encrypt/decrypt objects
Client Side Encryption = encrypt/decrypt handled at client end, S3 sees only encrypted objects
In-Transit = SSL/TLS is turned on for objects by default