An enterprise is migrating its analytics platform to AWS. They have 10 PB of historical data currently stored on an on-premises NAS. The data must be migrated to Amazon S3. Once in S3, the data will be queried by Amazon Athena. The data contains sensitive PII that must be encrypted at rest using keys managed by the enterprise. The migration must be completed within 2 months. Which combination of actions should the Architect take? (Select THREE)

Order multiple AWS Snowball Edge Storage Optimized devices to transfer the 10 PB of data to AWS.

Create an AWS KMS Customer Managed Key (CMK) and configure the S3 bucket to use SSE-KMS as the default encryption.

Configure Amazon Athena to use the same KMS CMK to encrypt query results.

Use AWS DataSync over a 1 Gbps AWS Direct Connect connection to transfer the data.

Configure the S3 bucket to use SSE-S3 (Amazon S3 managed keys) for default encryption.

Use AWS Database Migration Service (DMS) to migrate the data from the NAS to S3.