Well, it's not just the data stored in Amazon S3 that needs to be safe; it needs to be safe during the onward and return journey as well.
That broadly classifies data protection into categories: protecting data in transit (as it travels to and from Amazon S3) and at rest (while it is stored on disks in Amazon S3 data centers).
· Server-Side Encryption – The user requests Amazon S3 to encrypt the object before saving it on disks in its data centers and to decrypt it when the object is downloaded. It has 3 different types, as listed in the image, based on who manages the keys.
· Client-Side Encryption – The data is encrypted on the client side and the encrypted data is uploaded to Amazon S3. In this case, the user manages the encryption process, the encryption keys, and related tools.