AWS Certified Security - Specialty (#20)

A Security Architect is evaluating managed solutions for storage of encryption keys. The requirements are: -Storage is accessible by using only VPCs. -Service has tamper-evident controls. -Access logging is enabled. -Storage has high availability. Which of the following services meets these requirements?

Amazon S3 with default encryption
AWS CloudHSM
Amazon DynamoDB with server-side encryption
AWS Systems Manager Parameter Store