
DVA-C02 Exam - Question 357


A developer is publishing critical log data to a log group in Amazon CloudWatch Logs. The log group was created 2 months ago. The developer must encrypt the log data by using an AWS Key Management Service (AWS KMS) key so that future data can be encrypted to comply with the company's security policy.

Which solution will meet this requirement with the LEAST effort?

Correct Answer: D

To encrypt future log data in Amazon CloudWatch Logs with the least effort, use the AWS CLI command `aws logs associate-kms-key` to associate the KMS key with the existing log group. Once the key is associated, all future data written to the log group is encrypted. This meets the company's security policy without recreating the log group or manually encrypting data before logging, making it the most efficient solution.

Discussion

3 comments
KarBiswa (Option: D)
Mar 23, 2024

https://docs.aws.amazon.com/cli/latest/reference/logs/associate-kms-key.html

65703c1 (Option: D)
May 26, 2024

D is the correct answer.

cachac (Option: D)
Jun 30, 2024

associate-kms-key command. This command specifically associates a KMS key with an existing log group, which is exactly what the developer needs to do.