The AWS Systems Manager Parameter Store is being used to store database passwords used by an AWS Lambda function. Because this is sensitive data, the parameters are stored as type SecureString and protected by an AWS KMS key that allows access through IAM. When the function executes, this parameter cannot be retrieved as the result of an access denied error. Which of the following actions will resolve the access denied error?
A) Update the ssm.amazonaws.com principal in the KMS key policy to allow kms: Decrypt.
B) Update the Lambda configuration to launch the function in a VPC.
C) Add a policy to the role that the Lambda function uses, allowing kms: Decrypt for the KMS key.
D) Add lambda.amazonaws.com as a trusted entity on the IAM role that the Lambda function uses.
Correct Answer:
Verified
Q63: A company has five AWS accounts and
Q64: A company has a few dozen application
Q65: Which of the following are valid event
Q66: A company is building a data lake
Q67: A Security Engineer must implement mutually authenticated
Q69: A company uses user data scripts that
Q70: A Security Engineer is building a Java
Q71: A Security Engineer is defining the logging
Q72: An application uses Amazon Cognito to manage
Q73: An Amazon S3 bucket is encrypted using
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents