AWS Certified Solutions Architect – Professional (SAP-C02) — Question 292

A company has millions of objects in an Amazon S3 bucket. The objects are in the S3 Standard storage class. All the S3 objects are accessed frequently. The number of users and applications that access the objects is increasing rapidly. The objects are encrypted with server-side encryption with AWS KMS keys (SSE-KMS).

A solutions architect reviews the company’s monthly AWS invoice and notices that AWS KMS costs are increasing because of the high number of requests from Amazon S3. The solutions architect needs to optimize costs with minimal changes to the application.

Which solution will meet these requirements with the LEAST operational overhead?

Answer options

Correct answer: B

Explanation

Switching the encryption type to SSE-S3 eliminates KMS usage fees entirely because Amazon S3 manages the encryption keys directly at no extra charge, and S3 Batch Operations is the most efficient way to migrate millions of existing objects. Managing keys with SSE-C or AWS CloudHSM introduces significant operational overhead and application changes. S3 Intelligent-Tiering does not reduce the KMS request fees, and it offers no benefit here because all of the objects are accessed frequently.