AWS Certified Developer Associate DVA-C01 – Question 249

A software company must ensure that documents that are uploaded by users are securely stored in Amazon S3. The documents must be encrypted at rest in Amazon S3. The company wants to avoid client-side encryption and does not want to manage the security infrastructure. In addition, the company wants control over the keys that are used for encryption at rest.
Which solution for encryption keys should a developer use to meet these requirements?

A. Amazon S3 managed keys
B. Application-level encryption with customer-provided encryption keys that are stored in an on-premises hardware security module (HSM)
C. AWS Key Management Service (AWS KMS) customer managed keys
D. IAM access keys

Correct Answer: B