Which solution will meet these requirements?
Migrate the databases to Amazon EC2. Use an AWS Key Management Service (AWS KMS) AWS managed key for encryption.
Migrate the databases to Amazon RDS Configure encryption at rest.
Migrate the data to Amazon S3 Use Amazon Macie for data security and protection
Migrate the database to Amazon RDS. Use Amazon CloudWatch Logs for data security and protection.
Explanations:
Migrating databases to Amazon EC2 requires managing the operating system, security patches, and backups, which increases operational overhead. Using AWS KMS for encryption is a good practice but does not inherently provide the same managed service benefits that Amazon RDS offers for security and maintenance.
Migrating the databases to Amazon RDS (Relational Database Service) allows for managed database services with built-in security features, including encryption at rest. RDS also simplifies operational overhead through automatic backups, patching, and scaling, which is ideal for transactional and sensitive data.
While Amazon S3 and Amazon Macie provide data security and protection, they are not designed for transactional databases. S3 is primarily used for object storage and is not suitable for running relational databases that handle sensitive transactional data.
While Amazon RDS can provide a managed environment for databases, using Amazon CloudWatch Logs does not directly enhance data security. CloudWatch Logs is mainly for monitoring and logging rather than protecting sensitive data. Additionally, it does not address encryption at rest or other database management features.