How should the developer create the DynamoDB table to meet these requirements?
Create an AWS Key Management Service (AWS KMS) customer managed key. Provide the key’s Amazon Resource Name (ARN) in the KMSMasterKeyId parameter during creation of the DynamoDB table.
Create an AWS Key Management Service (AWS KMS) AWS managed key. Provide the key’s Amazon Resource Name (ARN) in the KMSMasterKeyId parameter during creation of the DynamoDB table.
Create an AWS owned key. Provide the key’s Amazon Resource Name (ARN) in the KMSMasterKeyId parameter during creation of the DynamoDB table.
Create the DynamoDB table with the default encryption options.
Explanations:
AWS KMS customer managed keys require additional configuration and management by the user. Since the requirement specifies using AWS owned encryption keys, this option does not meet the criteria.
AWS KMS AWS managed keys are not necessary for this scenario since the requirement explicitly states to use AWS owned keys. Providing the ARN of a managed key is not needed for default AWS owned key usage.
AWS owned keys are managed by AWS and do not have a specific ARN that can be provided during table creation. This option misinterprets the use of AWS owned keys.
Creating the DynamoDB table with the default encryption options automatically enables server-side encryption using AWS owned keys, which meets the requirement effectively without additional configuration.
I would say the answer is:
Create the DynamoDB table with the default encryption options.