A company uses S3 to store confidential documents. They want to ensure that objects are encrypted at rest using customer-provided encryption keys (SSE-C). Which header must be included in every PUT request?
Required for SSE-C.
Why this answer
Option A is correct because SSE-C requires x-amz-server-side-encryption-customer-algorithm to be set to AES256. Option B is wrong because that header is for SSE-S3. Option C is wrong because it is for SSE-KMS. Option D is wrong because the key header must be provided separately.