Answer-first summary for fast verification
Answer: AWS Key Management Service (AWS KMS)
AWS Key Management Service (AWS KMS) is the correct service that provides encryption for data at rest in Amazon EBS volumes. **Key Points:** - **AWS KMS** is a managed service that makes it easy to create and control the encryption keys used to encrypt your data - **Amazon EBS encryption** uses AWS KMS customer master keys (CMKs) when creating encrypted volumes and snapshots - **Amazon Cognito** is for user authentication and identity management - **AWS IAM** is for access control and permissions management - **AWS Trusted Advisor** is for cost optimization, security, and performance recommendations When you create an encrypted EBS volume, AWS KMS generates a unique data encryption key that is used to encrypt your data. The data encryption key is then encrypted with your CMK, providing a secure encryption solution for your EBS volumes.
Author: Ritesh Yadav
Ultimate access to all questions.
Which AWS service provides encryption of data at rest for Amazon Elastic Block Store (Amazon EBS)?
A
Amazon Cognito
B
AWS Identity and Access Management (IAM)
C
AWS Key Management Service (AWS KMS)
D
AWS Trusted Advisor
No comments yet.