Which solution will meet these requirements?
Configure the EC2 account attributes to always encrypt new EBS volumes.
Use AWS Config. Configure the encrypted-volumes identifier. Apply the default AWS Key Management Service (AWS KMS) key.
Configure AWS Systems Manager to create encrypted copies of the EBS volumes. Reconfigure the EC2 instances to use the encrypted volumes.
Create a customer managed key in AWS Key Management Service (AWS KMS). Configure AWS Migration Hub to use the key when the company migrates workloads.
Explanations:
Configuring the EC2 account attributes to always encrypt new EBS volumes ensures that any newly created volumes are automatically encrypted by default. This setting prevents the creation of unencrypted volumes, fulfilling the requirements effectively.
Using AWS Config to identify encrypted volumes does not prevent the creation of unencrypted EBS volumes. While it can monitor compliance, it does not enforce encryption as a default setting for newly created volumes.
AWS Systems Manager cannot automatically enforce encryption on newly created EBS volumes. While it can manage existing volumes, it does not prevent the creation of unencrypted volumes. This option does not address the requirement for default encryption.
Creating a customer managed key in AWS KMS and configuring AWS Migration Hub to use it does not ensure that all newly created EBS volumes are encrypted by default. This option focuses on using a specific key for migration rather than enforcing default encryption for all EBS volumes.