How can the developer implement the encryption in the application to meet these requirements?
Create a data key in AWS Key Management Service (AWS KMS). Use the AWS Encryption SDK to encrypt the files.
Create a Hash-Based Message Authentication Code (HMAC) key in AWS Key Management Service (AWS KMS). Use the AWS Encryption SDK to encrypt the files.
Create a data key pair in AWS Key Management Service (AWS KMS). Use the AWS CL to encrypt the files.
Create a data key in AWS Key Management Service (AWS KMS). Use the AWS CLI to encrypt the files.
Explanations:
The AWS KMS data key can be used to perform symmetric encryption. The AWS Encryption SDK supports the use of KMS data keys for encrypting data, and the developer can use it in the application to perform the encryption before uploading the files to S3.
HMAC is a technique used for authentication, not encryption. The use of HMAC in KMS is not relevant for file encryption. This option is not suitable for symmetric encryption of files.
A data key pair in AWS KMS refers to a public-private key pair, which is typically used for asymmetric encryption. Since the requirement is symmetric encryption, this option is incorrect.
The AWS CLI is a command-line tool, not a programming SDK. It is not designed to be used within an application for encryption of files before uploading them to S3. This option does not fulfill the requirement of performing encryption within the application.