What should a solutions architect do to ensure that all objects uploaded to an Amazon S3 bucket are encrypted?
- AUpdate the bucket policy to deny if the PutObject does not have an s3:x-amz-acl header set.
- BUpdate the bucket policy to deny if the PutObject does not have an s3:x-amz-acl header set to private.
- CUpdate the bucket policy to deny if the PutObject does not have an aws:SecureTransport header set to true.
- DUpdate the bucket policy to deny if the PutObject does not have an x-amz-server-side-encryption header set.