How can the developer expand the application to run in the destination Region while meeting the encryption requirement?
Create a new AMIs, and specify encryption parameters. Copy the encrypted AMIs to the destination Region. Delete the unencrypted AMIs.
Use AWS Key Management Service (AWS KMS) to enable encryption on the unencrypted AMIs. Copy the encrypted AMIs to the destination Region.
Use AWS Certificate Manager (ACM) to enable encryption on the unencrypted AMIs. Copy the encrypted AMIs to the destination Region.
Copy the unencrypted AMIs to the destination Region. Enable encryption by default in the destination Region.
Explanations:
This option correctly involves creating new AMIs with encryption specified, ensuring compliance with the encryption requirement before copying them to the destination Region. After copying, the unencrypted AMIs can be deleted.
AWS KMS does not allow enabling encryption on existing unencrypted AMIs directly. Instead, new AMIs must be created with encryption enabled, making this option invalid.
AWS Certificate Manager (ACM) is used for managing SSL/TLS certificates, not for enabling encryption on AMIs. Therefore, this option is not valid for the stated requirement.
Copying unencrypted AMIs and enabling encryption by default in the destination Region does not meet the requirement, as the source AMIs must be encrypted before they can be copied to another Region.