What should a solutions architect do to meet this requirement?
Create an encryption key, and store the key in AWS Secrets Manager. Use the key to encrypt the DB instances.
Generate a certificate in AWS Certificate Manager (ACM). Enable SSL/TLS on the DB instances by using the certificate.
Create a customer master key (CMK) in AWS Key Management Service (AWS KMS). Enable encryption for the DB instances.
Generate a certificate in AWS Identity and Access Management (IAM). Enable SSL/TLS on the DB instances by using the certificate.
Explanations:
AWS Secrets Manager is used for managing secrets, not for encrypting data at rest. Encryption keys are typically managed via KMS, not Secrets Manager.
SSL/TLS certificates enable encryption in transit, not at rest. This option does not meet the requirement of encrypting data at rest.
AWS Key Management Service (KMS) is the correct service for creating customer-managed keys (CMKs) to encrypt data at rest in Amazon RDS instances.
IAM certificates are used for managing permissions and SSL/TLS connections, not for encrypting data at rest. KMS is the correct service for this.
I design that the answer is:
Create a customer master key (CMK) in AWS Key Management Service (AWS KMS). Enable encryption for the DB instances.