A Development team has asked for help configuring the IAM roles and policies in a new AWS account. The team using the account expects to have hundreds of master keys and therefore does not want to manage access control for customer master keys (CMKs). Which of the following will allow the team to manage AWS KMS permissions in IAM without the complexity of editing individual key policies?
A) The account's CMK key policy must allow the account's IAM roles to perform KMS EnableKey.
B) Newly created CMKs must have a key policy that allows the root principal to perform all actions.
C) Newly created CMKs must allow the root principal to perform the kms CreateGrant API operation.
D) Newly created CMKs must mirror the IAM policy of the KMS key administrator.
Correct Answer:
Verified