🔥 3-day streak
AWS Certified Developer - Associate118 / 150
Question 118 of 150

A developer is building a document storage feature that must upload objects to Amazon S3. Compliance requires that the organization supply and manage the encryption keys itself, and that AWS never store the keys. The keys are held in an on-premises hardware security module and provided at upload time. The developer wants the encryption/decryption to happen on the S3 server side without integrating with AWS KMS. Which approach meets these requirements?

Reviewed for accuracy · Report an issueNext question