How should the developer create the DynamoDB table to meet these requirements?
Create an AWS Key Management Service (AWS KMS) customer managed key. Provide the key’s Amazon Resource Name (ARN) in the KMSMasterKeyId parameter during creation of the DynamoDB table.
Create an AWS Key Management Service (AWS KMS) AWS managed key. Provide the key’s Amazon Resource Name (ARN) in the KMSMasterKeyId parameter during creation of the DynamoDB table.
Create an AWS owned key. Provide the key’s Amazon Resource Name (ARN) in the KMSMasterKeyId parameter during creation of the DynamoDB table.
Create the DynamoDB table with the default encryption options.
Explanations:
An AWS Key Management Service (KMS) customer managed key is not required for using server-side encryption with AWS owned keys. When using AWS owned keys, there is no need to specify a KMS key ARN.
An AWS KMS managed key is not necessary to meet the requirement for server-side encryption with an AWS owned key. AWS managed keys are for user-created keys managed by AWS, which is not applicable here.
AWS owned keys do not have a specific ARN that can be provided. AWS handles the management of these keys automatically, and they do not need to be specified during table creation.
Creating the DynamoDB table with the default encryption options automatically enables server-side encryption using AWS owned keys, which meets the requirement without additional configuration.