Your company’s development team has deployed an application using Docker containers on their on-premises environment. The application environment needs to be extended onto AWS without any need to manage the underlying infrastructure. Which of the following is the ideal service you would use to provision the environment for them?

Answer options:

A.AWS Elastic Beanstalk
B.Amazon EC2
C.AWS CloudFormation
D.AWS OpsWorks

Correct Answer: B
The AWS Documentation mentions the following.
AWS Storage Gateway uses AWS Key Management Service (AWS KMS) to support encryption. Storage Gateway is integrated with AWS KMS. So, you can use the customer master keys (CMKs) in your account to protect the data that Storage Gateway receives, stores, or manages. Currently, you can do this by using the AWS Storage Gateway API.
All other options are invalid since the right way to encrypt the data is via using KMS keys.
As per AWS docs, Storage Gateway supports AWS KMS to encrypt data stored in AWS by all gateway types. This includes virtual tapes managed by Tape Gateway, in-cloud volumes and EBS Snapshots created by Volume Gateway, and files stored as objects in Amazon Simple Storage Service (S3) by File Gateway. 
If AWS KMS is not used, all data stored in AWS by the Storage Gateway service is encrypted with Amazon S3-Managed Encryption Keys (SSE-S3) by default.
Hence option B is the correct choice. 
For more information on storage gateway encryption, please refer to the below URL-
https://docs.aws.amazon.com/storagegateway/latest/userguide/encryption.html