What should a solutions architect do to reduce the operational burden?
Use multi-factor authentication (MFA) to protect the encryption keys.
Use AWS Key Management Service (AWS KMS) to protect the encryption keys.
Use AWS Certificate Manager (ACM) to create, store, and assign the encryption keys.
Use an IAM policy to limit the scope of users who have access permissions to protect the encryption keys.
Explanations:
While MFA adds a layer of security for access, it does not directly reduce the operational burden associated with key management infrastructure.
AWS KMS is designed for managing encryption keys efficiently and securely, reducing operational overhead for developers in managing their encryption needs.
AWS Certificate Manager (ACM) is primarily for managing SSL/TLS certificates, not specifically for encrypting data or managing encryption keys.
IAM policies can help control access but do not reduce the operational burden of key management infrastructure in the same way that AWS KMS does.
I estimate that the answer is:
Use AWS Key Management Service (AWS KMS) to protect the encryption keys.