Your IT Security department has mandated that all data on EBS volumes created for underlying EC2 Instances needs to be encrypted. Which of the following can help achieve this?
A. AWS KMS
B. AWS Certificate Manager
C. API Gateway with STS
D. IAM Access Key
A. AWS KMS
Option B is in – The AWS Certificate manager can be used to generate SSL certificates used to encrypt traffic in transit, but not at rest.
Option C is in – This is used for issuing tokens when using the API gateway for traffic in transit.
Option D is in – This is used for secure access to EC2 Instances.
The AWS Documentation mentions the following on AWS KMS:
AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data. AWS KMS is integrated with other AWS services including Amazon Elastic Block Store (Amazon EBS), Amazon Simple Storage Service (Amazon S3), Amazon Redshift, Amazon Elastic Transcoder, Amazon WorkMail, Amazon Relational Database Service (Amazon RDS), and others to make it simple to encrypt your data with encryption keys that you manage.
For more information on AWS KMS, please visit the following URL: