A company is designing a new website that hosts static content. The website will give users the ability to upload and download large files. According to company requirements, all data must be encrypted in transit and at rest. A solutions architect is building the solution by using Amazon S3 and Amazon CloudFront. Which combination of steps will meet the encryption requirements? (Choose three.) A. Turn on S3 server-side encryption for the S3 bucket that the web application uses. B. Add a policy attribute of "aws:SecureTransport": "true" for read and write operations in the S3 ACLs. C. Create a bucket policy that denies any unencrypted operations in the S3 bucket that the web application uses. D. Configure encryption at rest on CloudFront by using server-side encryption with AWS KMS keys (SSE-KMS). E. Configure redirection of HTTP requests to HTTPS requests in CloudFront. F. Use the RequireSSL option in the creation of presigned URLs for the S3 bucket that the web application uses.