A Security Engineer is working with the development team to design a supply chain application that stores sensitive inventory data in an Amazon S3 bucket. The application will use an AWS KMS customer master key (CMK) to encrypt the data on Amazon S3. The inventory data on Amazon S3 will be shared of vendors. All vendors will use AWS principals from their own AWS accounts to access the data on Amazon S3. The vendor list may change weekly, and the solution must support cross-account access. What is the MOST efficient way to manage access control for the KMS CMK7?
A) Use KMS grants to manage key access. Programmatically create and revoke grants to manage vendor access.
B) Use an IAM role to manage key access. Programmatically update the IAM role policies to manage vendor access.
C) Use KMS key policies to manage key access. Programmatically update the KMS key policies to manage vendor access.
D) Use delegated access across AWS accounts by using IAM roles to manage key access. Programmatically update the IAM trust policy to manage cross-account vendor access.
Correct Answer:
Verified
Q141: A company manages three separate AWS accounts
Q142: A company has several production AWS accounts
Q143: An organization has three applications running on
Q144: While analyzing a company's security solution, a
Q145: A company has two AWS accounts, each
Q147: A company plans to migrate a sensitive
Q148: A Web Administrator for the website example.com
Q149: A Website currently runs on Amazon EC2,
Q150: While securing the connection between a company's
Q151: A Developer is creating an AWS Lambda
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents