A security engineer wants a single-tenant AWS solution to create, control, and manage their own cryptographic keys to meet regulatory compliance requirements for data security.
Which AWS service should the engineer use?
AWS Key Management Service (AWS KMS)
AWS Certificate Manager (ACM)
AWS CloudHSM
AWS Systems Manager
Explanations:
AWS Key Management Service (KMS) provides a fully managed service for creating and controlling encryption keys, but it is not single-tenant in nature.
AWS Certificate Manager (ACM) is used for managing SSL/TLS certificates, not for managing cryptographic keys.
AWS CloudHSM is a hardware security module (HSM) that allows customers to manage their own cryptographic keys in a single-tenant, dedicated hardware.
AWS Systems Manager is used for operational management tasks like automation and patching, not for cryptographic key management.