A company has an application workflow that uses an AWS Lambda function to download and decrypt files from Amazon S3 These files are encrypted using AWS Key Management Service Customer Master Keys (AWS KMS CMKs) A solutions architect needs to design a solution that will ensure the required permissions are set correctly.
Which combination of actions accomplish this? (Select TWO.)
A . Attach the kms.decrypt permission to the Lambda function’s resource policy.
B . Grant the decrypt permission for the Lambda 1AM role in the KMS key’s policy
C . Grant the decrypt permission for the Lambda resource policy in the KMS key’s policy.
D . Create a new 1AM policy with the kms:decrypt permission and attach the policy to the Lambda function
E . Create a new 1AM role with the kms decrypt permission and attach the execution role to the Lambda function.
Answer: B, E
Leave a Reply