How can the developer implement the encryption in the application to meet these requirements?
Create a data key in AWS Key Management Service (AWS KMS). Use the AWS Encryption SDK to encrypt the files.
Create a Hash-Based Message Authentication Code (HMAC) key in AWS Key Management Service (AWS KMS). Use the AWS Encryption SDK to encrypt the files.
Create a data key pair in AWS Key Management Service (AWS KMS). Use the AWS CLI to encrypt the files.
Create a data key in AWS Key Management Service (AWS KMS). Use the AWS CLI to encrypt the files.
Explanations:
This option is correct because creating a data key in AWS KMS and using the AWS Encryption SDK lets the application itself perform the required symmetric encryption, outside AWS, so the files are encrypted before they are uploaded to S3.
This option is incorrect because an HMAC key is used for data integrity checks, not encryption. The AWS Encryption SDK requires a symmetric data key, not an HMAC key, to perform encryption.
This option is incorrect because a data key pair is typically used for asymmetric encryption, which does not meet the requirement for symmetric encryption. The AWS CLI also does not support in-application encryption, which the developer needs.
This option is incorrect because, although a data key is created, the AWS CLI is used to encrypt the files. The requirement specifies that the encryption must be done in the application, which the AWS CLI cannot fulfill.