AWS Certified Developer Associate (#145)

An AWS Lambda function generates a 3MB JSON file and then uploads it to an Amazon S3 bucket daily. The file contains sensitive information, so the Developer must ensure that it is encrypted before uploading to the bucket. Which of the following modifications should the Developer make to ensure that the data is encrypted before uploading it to the bucket?

Use the default AWS KMS customer master key for S3 in the Lambda function code.
Use the S3 managed key and call the
GenerateDataKey
API to encrypt the file.
Use the
GenerateDateKey
API, then use that data key to encrypt the file in the Lambda function code.
Use a custom KMS customer master key created for S3 in the Lambda function code.