Data protection refers to protecting data while in-transit (as it travels to and from Amazon S3) and at rest (while it is stored on disks in Amazon S3 data centers)
1.Server-Side Encryption
Request Amazon S3 to encrypt your object before saving it on disks in its data centers and then decrypt it when you download the objects.
2.Client-Side Encryption
Encrypt data client-side and upload the encrypted data to Amazon S3. In this case, you manage the encryption process, the encryption keys, and related tools.
You can protect data in transit using Secure Sockets Layer (SSL) or client-side encryption
In further deep:
Server-Side Encryption has 3 types
1.Use Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
2.Use Server-Side Encryption with Customer Master Keys (CMKs) Stored in AWS Key Management Service (SSE-KMS)
3.Use Server-Side Encryption with Customer-Provided Keys (SSE-C)
Client-Side Encryption has 2 types
1.Using a CMK Stored in AWS KMS
2.Using a Master Key Stored Within Your Application