A company migrated millions of archival files to Amazon S3. A solutions architect needs to implement a solution that will encrypt all the archival data by using a customer-provided key. The solution must encrypt existing unencrypted objects and future objects.
Which solution will meet these requirements?
To meet the requirement of encrypting both existing unencrypted objects and future objects in Amazon S3 using a customer-provided key (SSE-C), it is necessary to follow a specific approach. First, generating a list of unencrypted objects can be efficiently accomplished by filtering an Amazon S3 Inventory report, which includes the 'Encryption status' field. Subsequently, configuring an S3 Batch Operations job to encrypt these objects using SSE-C addresses the encryption of existing files. Additionally, configuring the S3 default encryption feature to use SSE-C ensures that all future objects will be encrypted upon upload. Therefore, this implementation fulfills all aspects of the requirement by leveraging S3 Inventory, Batch Operations, and default encryption settings with a customer-provided key.
A seems correct here. https://aws.amazon.com/blogs/storage/encrypting-objects-with-amazon-s3-batch-operations/
S3 inventory list has "Encryption status" field so you can use this to filter the unencrypted objects. and use S3 batch to encrypt it with SSE-C key. AWS Usage report does not provide details about encryption status of individual objects
The solution must encrypt existing unencrypted objects. Batch will do that.
A is the answer
AnswerA
Option B
Need to use customer provided keys.So , B cannot be the answer
option B.... S3 Inventory report to check for unencrypted objects in s3 and then using Batch operation.
As stated, "by using a customer-provided key", which rules out B & C. Option A uses 3 thingies: 1. S3 Inventory - Provides a native way to generate a list of unencrypted objects, making it scalable for millions of objects. 2. S3 Batch Operations - Encrypts existing objects efficiently. 3. S3 Default Encryption - Ensures future objects are automatically encrypted (with SSE-C).