ExamQuestions.com

AWS Certified Security Specialty Exam Questions

Question 35:

You have a cron job that runs on an EC2 instance. The job calls a bash script that encrypts a file whose size is about 2kb. You want the encryption to be performed with a Customer Master Key (CMK) in KMS, so you have created a CMK for this task. The script uses the AWS CLI to do the encryption. How do you encrypt the file using the CMK in the bash script?
 

Answer options:

A. Use "aws kms encrypt" to encrypt the file. No envelope encryption is required in this case.
B. Use "aws kms generate-data-key" to generate a data key, then use the plaintext data key to encrypt the file.
C. Use "aws kms generate-data-key" to generate a data key, then use the encrypted data key to encrypt the file.
D. Envelope encryption is required in this case. Use "aws kms encrypt" to generate a data key, then use the plaintext data key to encrypt the file.