Final Answer:
Amazon S3 provides two options for encrypting data stored on S3: Server-side encryption and Client-side encryption.
Explanation:
Amazon S3 provides two options for encrypting data stored on S3: Server-side encryption and Client-side encryption. Server-side encryption is the default encryption configuration for every bucket in Amazon S3. It encrypts objects before saving them on disks in AWS data centers and then decrypts the objects when you download them. All new objects that are uploaded to an S3 bucket are automatically encrypted at rest. You can use a different type of server-side encryption to encrypt your objects by either specifying the type of server-side encryption to use in your S3 PUT requests or setting the default encryption configuration in the destination bucket.
Client-side encryption, on the other hand, encrypts your data client-side and uploads the encrypted data to Amazon S3. In this case, you manage the encryption process, encryption keys, and related tools. To configure client-side encryption, see Protecting data by using client-side encryption1.