AWS Certified Developer – Associate — Question 328
A developer has an application that can upload tens of thousands of objects per second to Amazon S3 in parallel within a single AWS account. As part of new requirements, data stored in S3 must use server-side encryption with AWS KMS keys (SSE-KMS). After making this change, the application's performance is slower.
Which of the following is MOST likely the cause of the application latency?
Answer options
- A. Amazon S3 throttles the rate at which uploaded objects can be encrypted using KMS keys.
- B. The AWS KMS API calls limit is less than needed to achieve the desired performance.
- C. The client encryption of the objects is using a poor algorithm.
- D. KMS requires that an alias be used to create an independent display name that can be mapped to a KMS key.
Correct answer: B
Explanation
When utilizing SSE-KMS, Amazon S3 must make a GenerateDataKey call to AWS KMS for each uploaded object, which is subject to KMS API request rate limits. At tens of thousands of requests per second, the application is likely hitting these KMS throttling limits, resulting in latency. Amazon S3 itself does not throttle the encryption process, client-side encryption is not involved in server-side encryption, and KMS key aliases do not affect API performance limits.