The security policy of an organization requires an application to encrypt data before writing to the disk. Which solution should the organization use to meet this requirement?

Answer options:

A.AWS KMS API
B.AWS Certificate Manager
C.API Gateway with STS
D.IAM Access Key

Correct Answer – A
Option B is incorrect. The AWS Certificate Manager can be used to generate SSL certificates to encrypt traffic in transit, but not at rest.
Option C is incorrect. It is used for issuing tokens while using the API gateway for traffic in transit.
Option D is used for providing secure access to EC2 Instances.
AWS Documentation mentions the following on AWS KMS:
AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data. AWS KMS is integrated with other AWS services including Amazon Elastic Block Store (Amazon EBS), Amazon Simple Storage Service (Amazon S3), Amazon Redshift, Amazon Elastic Transcoder, Amazon WorkMail, Amazon Relational Database Service (Amazon RDS), and others to make it simple to encrypt your data with encryption keys that you manage.
For more information on AWS KMS, please visit the following URL:
https://docs.aws.amazon.com/kms/latest/developerguide/overview.html
The AWS KMS API can be used to encrypt, decrypt and reencrypt content. Please refer the following guide:
https://docs.aws.amazon.com/kms/latest/APIReference/kms-api-reference.pdf#Welcome