solutions-architect-pro video for a financial company stores personally identifiable information (PII) in an Amazon S3 bucket which currently does not have
A financial company stores personally identifiable information (PII) in an Amazon S3 bucket which currently does not have versioning enabled. The current configuration has server-side encryption with S3 managed encryption keys (SSE-S3) enabled to encrypt the objects. According to a new requirement, all current and future objects in the S3 bucket must be encrypted by keys that the company's security team manages. Which solution will meet these requirements?