A Developer wants to encrypt new objects that are being uploaded to an Amazon S3 bucket by an application. There must be an audit trail of who has used the key during this process. There should be no change to the performance of the application.
Which type of encryption meets these requirements?
A. Server-side encryption using S3-managed keys
B. Server-side encryption with AWS KMS-managed keys
C. Client-side encryption with a client-side symmetric master key
D. Client-side encryption with AWS KMS-managed keys
