List options for key management when encrypting S3 data at rest.
S3 encryption key management options

  • SSE-S3: data keys managed by S3
  • SSE-C: data keys managed by customer (customer must send data key with each write/read request)
  • SSE-KMS: data keys managed by KMS, which encrypts/decrypts the data key with a CMK (Customer Master Key). The CMK may be either customer-managed or AWS-managed. In addition, the CMK may be integrated with CloudHSM, in which case CloudHSM would handle the master key.