How to protect data using server-side encryption
When you upload an object or create a copy of an existing object, you can encrypt your data by adding the x-amz-server-side-encryption header to the request.
You can request server-side encryption through the REST API or through the AWS SDKs, which provide wrapper APIs for requesting server-side encryption. In addition, you can use the AWS Management Console to upload objects and request server-side encryption.
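As an added illustration (not code from the original page or from AWS), the following Python sketch audits upload and copy requests for the x-amz-server-side-encryption header and reports requests that omit it or send an inconsistent value. The request records, request ids and key id are constructed sample data; requests that use customer-provided keys carry different headers and are not covered here.

```python
# Added example: audit S3 write requests for the server-side encryption header.
SSE_HEADER = "x-amz-server-side-encryption"
KMS_KEY_HEADER = "x-amz-server-side-encryption-aws-kms-key-id"
# Header values S3 documents for SSE_HEADER, mapped to the key-management mode.
SSE_MODES = {"AES256": "SSE-S3", "aws:kms": "SSE-KMS", "aws:kms:dsse": "DSSE-KMS"}


def classify_sse(headers):
    """Return (mode, problem) for one upload or copy request's headers."""
    # HTTP header names are case-insensitive; the values are matched exactly.
    h = {name.lower(): value.strip() for name, value in headers.items()}
    sse = h.get(SSE_HEADER)
    if sse is None:
        if KMS_KEY_HEADER in h:
            return "invalid", "KMS key id sent without " + SSE_HEADER
        return "none", "no server-side encryption requested"
    mode = SSE_MODES.get(sse)
    if mode is None:
        return "invalid", "unrecognized header value %r" % sse
    if mode == "SSE-S3" and KMS_KEY_HEADER in h:
        return "invalid", "KMS key id sent with AES256"
    return mode, None


def audit(requests):
    """Return (request id, mode, problem) for every request that needs review."""
    findings = []
    for req in requests:
        mode, problem = classify_sse(req["headers"])
        if problem is not None:
            findings.append((req["id"], mode, problem))
    return findings


# Constructed sample requests (ids, key id and header sets are made up).
SAMPLE_REQUESTS = [
    {"id": "r1", "headers": {"X-Amz-Server-Side-Encryption": "AES256"}},
    {"id": "r2", "headers": {"x-amz-server-side-encryption": "aws:kms",
                             KMS_KEY_HEADER: "EXAMPLE-KEY-ID"}},
    {"id": "r3", "headers": {"Content-Type": "text/plain"}},
    {"id": "r4", "headers": {"x-amz-server-side-encryption": "AES-256"}},
    {"id": "r5", "headers": {"x-amz-server-side-encryption": "AES256",
                             KMS_KEY_HEADER: "EXAMPLE-KEY-ID"}},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_REQUESTS):
        print(finding)
```

A finding of "none" means only that the request itself did not ask for encryption; it says nothing about any default the bucket may apply.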
With server-side encryption, Amazon S3 encrypts your data at the object level and offers three options for managing the encryption keys:
SSE with Amazon S3 key management (SSE-S3): Server-side encryption with Amazon S3-managed encryption keys (SSE-S3) uses 256-bit Advanced Encryption Standard (AES-256) to encrypt your data, and strong multifactor encryption to encrypt the key itself with a master key that is regularly rotated to enhance security.
SSE with AWS KMS (SSE-KMS): The difference between SSE-S3 and SSE-KMS is that SSE-KMS uses customer master...