AWS Certified Security - Specialty (#65)

An organization has a system in AWS that allows a large number of remote workers to submit data files. File sizes vary from a few kilobytes to several megabytes. A recent audit highlighted a concern that data files are not encrypted while in transit over untrusted networks. Which solution would remediate the audit finding while minimizing the effort required?

Upload an SSL certificate to IAM, and configure Amazon CloudFront with the passphrase for the private key.
Call
KMS.Encrypt()
in the client, passing in the data file contents, and call
KMS.Decrypt()
server-side.
Use AWS Certificate Manager to provision a certificate on an Elastic Load Balancing in front of the web service’s servers.
Create a new VPC with an Amazon VPC VPN endpoint, and update the web service’s DNS record.