An application is running on Amazon EC2. It has an attached IAM role that is receiving an AccessDenied error while trying to access a SecureString parameter resource in the AWS Systems Manager Parameter Store. The SecureString parameter is encrypted with a customer-managed Customer Master Key (CMK). What steps should the DevOps Engineer take to grant access to the role while granting least privilege? (Choose three.)
A) Set ssm:GetParameter for the parameter resource in the instance role's IAM policy.
B) Set kms:Decrypt for the instance role in the customer-managed CMK policy.
C) Set kms:Decrypt for the customer-managed CMK resource in the role's IAM policy.
D) Set ssm:DecryptParameter for the parameter resource in the instance role IAM policy.
E) Set kms:GenerateDataKey for the user on the AWS managed SSM KMS key.
F) Set kms:Decrypt for the parameter resource in the customer-managed CMK policy.
Correct Answer:
Verified