Correct answer - "Client Side Encryption" : You can encrypt data client-side and upload the
encrypted data to Amazon S3. In this case, you manage the encryption process, the encryption
keys, and related tools.
Incorrect:
"SSE-C" - You manage the encryption keys and Amazon S3 manages the encryption, as it writes to
disks, and decryption, when you access your objects
"SSE-S3" - Handled by AWS, this is server side.
"SSE-KMS" - Similar to SSE-S3, but with some additional benefits along with some additional
charges for using this service. Additionally, you have the option to create and manage
encryption keys yourself, or use a default key that is unique to you, the service you're using
and region your working in
For more information visit