Hello Chris,
Thanks for the feedback.
With SSE-C, you do own and manage the encryption key, but it’s not integrated into AWS’s managed services, and AWS doesn’t handle key rotation for you. Additionally, Amazon Redshift Spectrum does not support Amazon S3 client-side encryption.
Please refer to this: https://docs.aws.amazon.com/redshift/latest/dg/c-spectrum-data-files.html#c-spectrum-data-files-encryption
On the other hand, with SSE-KMS, you can still use your own customer-managed key, but AWS manages its lifecycle, including automatic rotation. This is a more secure and scalable solution that fits the requirements of the scenario and integrates with AWS services like Redshift Spectrum.
Please refer to this: https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html#aws-managed-customer-managed-keys
I hope this helps! Please let us know if you need further assistance.
Best regards,
JR @ Tutorials Dojo
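
Added example, not part of the reply above and not Tutorials Dojo or AWS code: a small audit that classifies each object's encryption mode from `head_object`-style metadata and flags anything that is not SSE-KMS under the expected customer-managed key. Field names follow the boto3 `head_object` response; the key ARNs, object names and sample records are constructed placeholders, and the client-side-encryption check is a heuristic based on the envelope metadata the S3 encryption client writes.

```python
# Constructed placeholder ARN for the customer-managed key the data lake should use.
EXPECTED_KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"

def encryption_mode(head):
    """Classify one head_object-style dict as SSE-KMS, SSE-S3, SSE-C, CSE, OTHER or NONE."""
    meta = {k.lower() for k in head.get("Metadata", {})}
    # Heuristic: client-side encrypted objects carry their envelope key in user metadata.
    if "x-amz-key-v2" in meta or "x-amz-key" in meta:
        return "CSE"
    # SSE-C responses echo the customer algorithm and key MD5, never a KMS key id.
    if head.get("SSECustomerAlgorithm"):
        return "SSE-C"
    sse = head.get("ServerSideEncryption")
    if sse == "aws:kms":
        return "SSE-KMS"
    if sse == "AES256":
        return "SSE-S3"
    return "NONE" if sse is None else "OTHER"

def audit(objects, expected_key=EXPECTED_KEY):
    """Return sorted (object_key, mode, reason) tuples for objects that miss the target."""
    findings = []
    for key, head in objects.items():
        mode = encryption_mode(head)
        if mode != "SSE-KMS":
            findings.append((key, mode, "not SSE-KMS"))
        elif head.get("SSEKMSKeyId") != expected_key:
            # Covers the AWS managed key and any other key that is not the expected one.
            findings.append((key, mode, "unexpected KMS key"))
    return sorted(findings)

# Constructed sample metadata, shaped like boto3 head_object responses.
SAMPLE = {
    "sales/a.parquet": {"ServerSideEncryption": "aws:kms", "SSEKMSKeyId": EXPECTED_KEY},
    "sales/b.parquet": {"ServerSideEncryption": "aws:kms",
                        "SSEKMSKeyId": "arn:aws:kms:us-east-1:111122223333:key/OTHER-KEY-ID"},
    "sales/c.parquet": {"SSECustomerAlgorithm": "AES256", "SSECustomerKeyMD5": "constructed"},
    "sales/d.parquet": {"ServerSideEncryption": "AES256",
                        "Metadata": {"x-amz-key-v2": "constructed", "x-amz-iv": "constructed"}},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```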