Correct answer - "Repositories are automatically encrypted at rest" : Data in AWS CodeCommit
repositories is encrypted in transit and at rest. When data is pushed into an AWS CodeCommit
repository (for example, by calling git push), AWS CodeCommit encrypts the received data as it
is stored in the repository.
"Enable KMS encryption" - You don't have to. The first time you create an AWS CodeCommit
repository in a new region in your AWS account, CodeCommit creates an AWS-managed key in that
same region in AWS Key Management Service (AWS KMS) that is used only by CodeCommit
"Use AWS Lambda as a hook to encrypt the pushed code" - No need to, CodeCommit handles it for you
"Use a git command line hook to encrypt the code client side" - No need to, CodeCommit handles it
for you