Which of the following could help resolve the issue?

Posted by: Pdfprep Category: SCS-C01 Tags: , ,

Your developer is using the KMS service and an assigned key in their Java program. They get the below error when running the code arn:aws:iam::113745388712:user/UserB is not authorized to perform: kms:DescribeKey

Which of the following could help resolve the issue?
A . Ensure that UserB is given the right IAM role to access the key
B . Ensure that UserB is given the right permissions in the IAM policy
C . Ensure that UserB is given the right permissions in the Key policy
D . Ensure that UserB is given the right permissions in the Bucket policy

Answer: C

Explanation:

You need to ensure that UserB is given access via the Key policy for the Key

Option is invalid because you don’t assign roles to IAM users For more information on Key policies please visit the below Link: https://docs.aws.amazon.com/kms/latest/developerguide/key-poli

The correct answer is: Ensure that UserB is given the right permissions in the Key policy

Leave a Reply

Your email address will not be published.