A company has an application workflow that uses an AWS Lambda function to download and decrypt files from Amazon S3. These files are encrypted using AWS Key Management Service Customer Master Keys (AWS KMS CMKs) . A solutions architect needs to design a solution that will ensure the required permissions are set correctly. Which combination of actions accomplish this? (Choose two.)
A) Attach the kms:decrypt permission to the Lambda function's resource policy.
B) Grant the decrypt permission for the Lambda IAM role in the KMS key's policy.
C) Grant the decrypt permission for the Lambda resource policy in the KMS key's policy.
D) Create a new IAM policy with the kms:decrypt permission and attach the policy to the Lambda function.
E) Create a new IAM role with the kms:decrypt permission and attach the execution role to the Lambda function.
Correct Answer:
Verified
Q254: A company runs an application that uses
Q255: A company has several Amazon EC2 instances
Q256: A company maintains a searchable repository of
Q257: A media company has an application that
Q258: A company wants to reduce its Amazon
Q260: A solutions architect plans to convert a
Q261: The following IAM policy is attached to
Q262: A solutions architect is deploying a distributed
Q263: An application running on AWS uses an
Q264: A solutions architect is designing the architecture
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents