AWS encryption chart (SSE-S3 vs SSE-KMS vs SSE-C)
IN TRANSIT AT REST SSL/TLS Server Side Managed Keys Client Side Managed Keys S3 (SSE-S3) Each object is encrypted with a key. Amazon encrypts the key with a master key, which rotates regularly. AWS Key Management Service (SSE-KMS) Allows you to audit trail (who and when used the key), extra cost and you manage the master key. Customer provided (SSE-C) User manages the keys but encryption done by Amazon User encrypts the data on client-side and uploads to S3
Comments