Create a CMK with precise imported key cloth for every records class kind, and rotate them yearly. For the “Restricted” key cloth, outline the MFA coverage withinside the key coverage. Use S3 SSE-KMS to encrypt the gadgets. eleven. An employer desires to install a 3-tier net software wherein the software servers run on Amazon EC2 times. These EC2 times want get entry to AWS Dumps to credentials that they'll use to authenticate their SQL connections to an Amazon RDS DB example. Also, AWS Lambda capabilities ought to trouble queries to the RDS database with the aid of using the usage of the identical database credentials. The credentials ought to be saved in order that the EC2 times and the Lambda capabilities can get entry to them. No different get entry to is allowed. The get entry to logs ought to report while the credentials have been accessed and with the aid of using whom.