Warren Parad
Jan 28, 2022


This is a great principle, though in practice this is quite a challenge. Things like DB queries won't work if the data is encrypted in the payload. You have to store your data in plaintext.

Same goes for communicating with other services. While homomorphic encryption is on the rise, it still isn't feasible to do more than some small things.

So what we are often left with is:

* Use TLS everywhere, even when communicating to other services in the same VPC (APIGW, ALB, ACM)

* Use ciphers to encrypt as much data as we can when stored in a database (KMS)

* Asymmetric keys to sign payloads

* ECC and DPoP for access tokens

For in-process encryption, using either the AWS Encryption SDK or an encryption manager is key: https://authress.io/knowledge-base/encrypting-secrets-with-aws-kms


Written by Warren Parad

CTO and Founder Authress, Complete Auth for B2B.