Which solution will meet these requirements?
Build and deploy the feature on the original EC2 instance store.
Add the new feature to the original application. Deploy the application on a Dedicated Host.
Package the new feature and deploy the new feature on AWS Lambda. Use AWS Key Management Service (AWS KMS) to encrypt and decrypt the PII.
Build and deploy the new feature as part of the original application. Run the feature on AWS Nitro Enclaves.
Explanations:
EC2 instance store is not suitable for isolating sensitive data. It does not provide the required CPU and memory isolation for handling highly sensitive personally identifiable information (PII).
A Dedicated Host provides physical server isolation but does not provide the level of isolation required for securely processing PII. Additionally, it does not offer a specific solution for low-latency computation or isolation of sensitive data.
AWS Lambda does not meet the requirement of low-latency computation as it is designed for event-driven workloads, and its execution environment does not offer the level of CPU and memory isolation required for handling PII securely.
AWS Nitro Enclaves provide a high level of isolation and security for processing highly sensitive data. They offer CPU and memory isolation and are specifically designed for running workloads that require the protection of sensitive data, making them the most appropriate solution.