What should a Developer do to ensure the data is encrypted on disk without impacting performance?
Configure the Amazon EC2 instance fleet to use encrypted EBS volumes for storing data.
Add logic to write all data to an encrypted Amazon S3 bucket.
Add a custom encryption algorithm to the application that will encrypt and decrypt all data.
Create a new Amazon Machine Image (AMI) with an encrypted root volume and store the data to ephemeral disks.
Explanations:
Amazon EC2 instances can use Amazon EBS volumes that are encrypted. EBS encryption is built-in and transparent, meaning it doesn’t impact performance significantly. This solution meets the requirement for encrypting data on disk without impacting performance.
While Amazon S3 supports encryption, this option requires writing data to S3, which is not specified in the problem. The data is supposed to be stored on EBS volumes attached to EC2 instances, not in S3.
Adding a custom encryption algorithm within the application would require complex management, including key management, and might impact performance. EBS encryption is simpler and more efficient.
Ephemeral disks (instance store) are not persistent and their data is lost if the instance is stopped or terminated. This does not meet the requirement for storing sensitive data reliably, nor does it address encryption effectively.