AWS Certified Cloud Practitioner

AWS Key Management Service (AWS KMS) is the correct service that provides encryption for data at rest in Amazon EBS volumes.

Key Points:

• AWS KMS is a managed service that makes it easy to create and control the encryption keys used to encrypt your data
• Amazon EBS encryption uses AWS KMS customer master keys (CMKs) when creating encrypted volumes and snapshots
• Amazon Cognito is for user authentication and identity management
• AWS IAM is for access control and permissions management
• AWS Trusted Advisor is for cost optimization, security, and performance recommendations

When you create an encrypted EBS volume, AWS KMS generates a unique data encryption key that is used to encrypt your data. The data encryption key is then encrypted with your CMK, providing a secure encryption solution for your EBS volumes.