Question

A company is storing sensitive data in their S3 bucket. The company policy states that all objects in the S3 bucket need to be encrypted at rest.

Which of the following helps ensure this policy is met?

A. Deny permission to upload an object if the header does not include x-amz-server-side-encryption.

B. Deny permission to upload an object if the header includes x-amz-server-side-encryption.

C. Deny permission to upload an object if the header does not include x-allow-encryption.

D. Deny permission to upload an object if the header includes x-allow-encryption.

Answer 1

Answer - A.

This is also given in the AWS Documentation.

Option B is incorrect as it denies the upload if the header includes x-amz-server-side-encryption.

Option C and D are incorrect because there is no such header as x-allow-encryption.