Home › Forums › AWS › AWS Certified Solutions Architect Associate › AWS SAA Study Guide – is it SSE or CSE on page 80? › Reply To: AWS SAA Study Guide – is it SSE or CSE on page 80?
-
Hello Donda,
Thanks for the feedback.
What isn’t replicated section, there is a point “Objects created with server-side encryption using AWS KMS–managed encryption (SSE-KMS) keys.”.
— Yes, that’s correct. Objects created with server-side encryption using CMKs stored in AWS KMS is not replicated. Take note that replication does not support client-side encryption.
“Both unencrypted objects and objects encrypted using Amazon S3 managed keys (SSE-S3) or AWS KMS managed keys (SSE-KMS)”.
— By default Amazon S3 replicates the following: Unencrypted objects, Objects encrypted at rest under Amazon S3 managed keys (SSE-S3) or CMKs stored in AWS Key Management Service (SSE-KMS).
Sources:
https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-what-is-isnot-replicated.html
https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-config-for-kms-objects.html
Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam on your first try!
Regards,
Gerome @ Tutorials Dojo