A company is planning to store data on Amazon RDS DB instances. The company must encrypt the data at rest. What should a solutions architect do to meet this requirement?
ACreate a key in AWS Key Management Service (AWS KMS). Enable encryption for the DB instances.
BCreate an encryption key. Store the key in AWS Secrets Manager. Use the key to encrypt the DB instances.
CGenerate a certificate in AWS Certificate Manager (ACM). Enable SSL/TLS on the DB instances by using the certificate.
DGenerate a certificate in AWS Identity and Access Management (IAM). Enable SSL/TLS on the DB instances by using the certificate.