So you enable encryption using KMS. There are now performance issues being encountered. What could be the main reason behind this?

Question

Your company currently stores its objects in S3.The current request rate is around 11000 GET requests per second. There is now a mandate for objects to be encrypted at rest.

So you enable encryption using KMS. There are now performance issues being encountered. What could be the main reason behind this?

A. Amazon S3 will now throttle the requests since they are now being encrypted using KMS.

B. You need to also enable versioning to ensure optimal performance.

C. You are now exceeding the throttle limits for KMS API calls.

D. You need to also enable CORS to ensure optimal performance.

Answer 1

Answer - C.

This is also mentioned in the AWS Documentation.

You can make API requests directly or by using an integrated AWS service that makes API requests to AWS KMS on your behalf.

The limit applies to both kinds of requests.

Option A is incorrect because S3 will not throttle requests just because encryption is enabled.

For example, you might store data in Amazon S3 using server-side encryption with AWS KMS (SSE-KMS)

Each time you upload or download an S3 object that's encrypted with SSE-KMS, Amazon S3 makes a

GenerateDataKey.

(for uploads) or

Decrypt.

(for downloads) request to AWS KMS on your behalf.

These requests count toward your limit, so AWS KMS throttles the requests if you exceed a combined total of 5500 (or 10,000) uploads or downloads per second of S3 objects encrypted with SSE-KMS.

Options B and D are incorrect because these will not help increase performance.