An IT company would like to secure the resources in its AWS account. Which of the following options can secure data at rest and in transit in AWS? Choose 3 answers from the options given below.
A. Encrypt all EBS volumes attached to EC2 Instances.
B. Use Server-Side Encryption for S3.
C. Use SSL/HTTPS when using the Elastic Load Balancer.
D. Use IOPS Volumes when working with EBS Volumes on EC2 Instances.
A., B. & C.
AWS documentation mentions the following:
Amazon EBS encryption offers you a simple encryption solution for your EBS volumes without the need for you to build, maintain, and secure your own key management infrastructure. When you create an encrypted EBS volume and attach it to a supported instance type, the following types of data are encrypted:
Data at rest inside the volume
All data moving between the volume and the instance
All snapshots created from the volume
Data protection refers to protecting data while in-transit (as it travels to and from Amazon S3) and at rest (while it is stored on disks in Amazon S3 data centers). You can protect data in transit by using SSL or by using client-side encryption. You have the following options of protecting data at rest in Amazon S3.
Use Server-Side Encryption – You request Amazon S3 to encrypt your object before saving it on disks in its data centers and decrypt it when you download the objects.
Use Client-Side Encryption – You can encrypt data client-side and upload the encrypted data to Amazon S3. In this case, you manage the encryption process, the encryption keys, and related tools.
You can create a load balancer that uses the SSL/TLS protocol for encrypted connections (also known as SSL offload). This feature enables traffic encryption between your load balancer and the clients that initiate HTTPS sessions, and for connections between your load balancer and your EC2 instances.
For more information on securing data at rest, please refer to the below link: