Amazon S3 provides an object-level storage solution, allowing you to save objects up to 5 terabytes in size. Being a storage solution, and one of the most commonly used storage services within AWS, S3 provides a variety of encryption mechanisms to suit different requirements and compliance concerns.
There are five different encryption options available to encrypt your S3 objects, as follows:
- Server-side encryption with S3-managed keys (SSE-S3)
- Server-side encryption with KMS-managed keys (SSE-KMS)
- Server-side encryption with customer-managed keys (SSE-C)
- Client-side encryption with KMS-managed keys (CSE-KMS)
- Client-side encryption with customer-managed keys (CSE-C)
The difference between server-side and client-side encryption is fairly simple. With server-side encryption, the encryption algorithm and process are run from the server side—in this case, within Amazon S3. Client-side encryption means that the encryption process is executed on the client first, before...