A company currently stores symmetric encryption keys in a hardware security module (HSM).A solutions architect must design a solution to migrate key management to AWS.The solution should allow for key rotation and support the use of customer provided keys.
Where should the key material be stored to meet these requirements?
Amazon S3
AWS Secrets Manager
AWS Systems Manager Parameter store
AWS Key Management Service (AWS KMS)
Explanations:
Amazon S3 is not designed for key management and does not provide key rotation or customer-managed key features.
AWS Secrets Manager is primarily used for managing secrets, not specifically designed for key management and does not inherently support key rotation for encryption keys.
AWS Systems Manager Parameter Store is also not intended for key management and lacks built-in support for key rotation and customer-provided keys.
AWS Key Management Service (AWS KMS) is specifically designed for managing encryption keys, supports key rotation, and allows for customer-provided keys.