-
AWS SAA Study Guide – is it SSE or CSE on page 80?
updated 3 years, 4 months ago
2 Members
·
2
Posts
-
In the S3 Cross Region Replication – What isn’t replicated section, there is a point “
Objects created with server-side encryption using AWS KMS–managed encryption
(SSE-KMS) keys.”. Is this correct or error — Should it be “Client side encryption with AWS KMS-managed encryption (CSE-KMS) keys?”.
One page 79, there is a section – Only following are replicated: and in this section there is a line
“Both unencrypted objects and objects encrypted using Amazon S3 managed keys
(SSE-S3) or AWS KMS managed keys (SSE-KMS)”.
-
Hello Donda,
Thanks for the feedback.
What isn’t replicated section, there is a point “Objects created with server-side encryption using AWS KMS–managed encryption (SSE-KMS) keys.”.
— Yes, that’s correct. Objects created with server-side encryption using CMKs stored in AWS KMS is not replicated. Take note that replication does not support client-side encryption.
“Both unencrypted objects and objects encrypted using Amazon S3 managed keys (SSE-S3) or AWS KMS managed keys (SSE-KMS)”.
— By default Amazon S3 replicates the following: Unencrypted objects, Objects encrypted at rest under Amazon S3 managed keys (SSE-S3) or CMKs stored in AWS Key Management Service (SSE-KMS).
Sources:
https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-what-is-isnot-replicated.html
https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-config-for-kms-objects.html
Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam on your first try!
Regards,
Gerome @ Tutorials Dojo
Log in to reply.