Security I

Explore key security concepts for AWS developers, including enforcing server-side encryption on S3, integrating corporate SAML credentials, understanding IAM role access controls, securely managing application secrets, and setting up real-time monitoring for unusual IAM role usage to comply with security policies.

Question 22

A developer needs to ensure that every new object uploaded to an Amazon S3 bucket is encrypted at rest using server-side encryption (SSE). The developer wants to use the most robust method to explicitly reject requests that do not specify encryption headers.

Which solution provides this definitive enforcement mechanism?

A. Configure the S3 bucket to use default encryption with SSE-S3.

B. Implement an AWS Lambda function triggered by s3:ObjectCreated:* to immediately delete unencrypted objects.

C. Attach an S3 bucket policy that uses the s3:x-amz-server-side-encryption condition key to deny any PutObject request without an encryption header.

D. Use AWS Key Management Service (AWS KMS) to ...