An Amazon EC2 instance is denied access to a newly created AWS KMS CMK used for decrypt actions. The environment has the following configuration:
- The instance is allowed the kms:Decrypt action in its IAM role for all resources
- The AWS KMS CMK status is set to enabled
- The instance can communicate with the KMS API using a configured VPC endpoint
What is causing the issue?
A) The kms:GenerateDataKey permission is missing from the EC2 instance's IAM role
B) The ARN tag on the CMK contains the EC2 instance's ID instead of the instance's ARN
C) The kms:Encrypt permission is missing from the EC2 IAM role
D) The KMS CMK key policy that enables IAM user permissions is missing
Correct Answer:
Verified