🔥 3-day streak
AWS Certified Security - Specialty133 / 184
Question 133 of 184

A company stores billions of small objects in an Amazon S3 bucket encrypted with SSE-KMS using a customer managed key. Their monthly bill shows a very large number of AWS KMS API requests (GenerateDataKey and Decrypt), and the KMS request charges have become a significant cost. The security team requires that objects remain encrypted with the same customer managed key and that all access continues to be authorized against that key. What is the MOST cost-effective way to reduce the KMS request charges?

Reviewed for accuracy · Report an issueNext question