Which solution will meet these requirements?
Use imported keys for Set 1. Use AWS managed keys for Set 2. For Set 1, set an expiration period and manually delete the keys after the expiration period has elapsed.
Use imported keys for Set 1. Use AWS managed keys for Set 2. For Set 1, set an expiration period. AWS will automatically delete the keys after the expiration period has elapsed.
Use AWS managed keys for Set 1. Use imported keys for Set 2. For Set 1, set an expiration period and manually delete the keys after the expiration period has elapsed.
Use AWS managed keys for Set 1. Use imported keys for Set 2. For Set 1, set an expiration period. AWS will automatically delete the keys after the expiration period has elapsed.
Explanations:
Imported keys allow granular control, but AWS managed keys do not. For Set 1, the expiration period is not automatic, and manual deletion after the expiration period would not meet the requirement for automatic key expiration.
Imported keys meet the control and reimportation requirements for Set 1, and AWS-managed keys meet the flexibility needed for Set 2. AWS will automatically delete imported keys after the expiration period, aligning with the requirement.
AWS-managed keys do not allow the granular control needed for Set 1, such as maintaining a copy of the key in the key management infrastructure. Manual deletion is also not aligned with automatic expiration for Set 1.
AWS-managed keys do not allow the granular control over keys required for Set 1. Imported keys are required for Set 1, and they will not automatically expire unless manually deleted, which is not aligned with the requirement for Set 1.