DSSE-KMS is designed to meet National Security Agency CNSSP 15 for FIPS compliance and Data-at-Rest Capability Package (DAR CP) Version 5.0 guidance for two layers of CNSA encryption. Using DSSE-KMS, you can fulfill regulatory requirements to apply multiple layers of encryption to your data.
With this launch, Amazon S3 now offers four options for server-side encryption: Server-side encryption with Amazon S3 managed keys (SSE-S3) Server-side encryption with AWS KMS (SSE-KMS) Server-side encryption with customer-provided encryption keys (SSE-C) Dual-layer server-side encryption with keys stored in KMS (DSSE-KMS)
Finally, I choose Create bucket to complete the creation of the S3 bucket, encrypted by DSSE-KMS encryption settings.
Now Available Amazon S3 dual-layer server-side encryption with keys stored in AWS KMS (DSSE-KMS) is available today in all AWS Regions.