A company stores sensitive data in an Amazon S3 bucket that is accessed by an Amazon Redshift cluster. The security team requires that the data in transit between Redshift and S3 be encrypted. Which configuration ensures this?
Redshift uses SSL for data transfer to S3 by default.
Why this answer
Option B is correct. Redshift automatically uses SSL encryption for data in transit when moving data to and from S3 using COPY/UNLOAD commands. Option A is incorrect because server-side encryption (SSE-S3) encrypts data at rest, not in transit.
Option C is incorrect because client-side encryption encrypts data before sending, but Redshift handles this automatically with SSL. Option D is incorrect because VPC endpoints do not encrypt data in transit; they provide private connectivity.