Which solution will meet these requirements?
Use AWS Key Management Service (AWS KMS) certificates on the ALB to encrypt data in transit. Use AWS Certificate Manager (ACM) to encrypt the EBS volumes and Aurora database storage at rest.
Use the AWS root account to log in to the AWS Management Console. Upload the company’s encryption certificates. While in the root account, select the option to turn on encryption for all data at rest and in transit for the account.
Use AWS Key Management Service (AWS KMS) to encrypt the EBS volumes and Aurora database storage at rest. Attach an AWS Certificate Manager (ACM) certificate to the ALB to encrypt data in transit.
Use BitLocker to encrypt all data at rest. Import the company’s TLS certificate keys to AWS Key Management Service (AWS KMS). Attach the KMS keys to the ALB to encrypt data in transit.
Explanations:
AWS Certificate Manager (ACM) is used for managing TLS certificates, but it does not directly encrypt EBS volumes or Aurora database storage. EBS volumes and Aurora need to be encrypted using AWS KMS.
Using the root account for encryption management is not a best practice. There is no single account-wide setting to enable encryption for all services at once. Each resource must be configured individually for encryption.
AWS KMS is suitable for encrypting EBS volumes and Aurora database storage at rest. Attaching an ACM certificate to the ALB ensures data is encrypted in transit. This option meets all requirements.
BitLocker is a Windows feature and cannot be used to encrypt AWS resources directly. Importing TLS certificate keys to KMS does not facilitate proper encryption of data at rest. The correct method for encrypting data at rest in AWS is through KMS.