Please enable JavaScript.

Coggle requires JavaScript to display documents.

Encryption-s3 - Coggle Diagram

- - - - The encryption client can use keys provided by an on-premises key management infrastructure (KMI), which provides the client-side master key (CSE-C).
      - The CSE-C and your unencrypted data are never sent to AWS.
      - It's important that you safely manage your encryption keys. If you lose them, you won't be able to decrypt your data.
      - The CSE-C may also be requested by an application running on an EC2 instance with the encryption client. Keys may also be provided by a KMI running on an EC2 instance.