Your developer is using the KMS service and an assigned key in their Java program. They get the below error when running the code arn:aws:iam::113745388712:user/UserB is not authorized to perform: kms:DescribeKey
Which of the following could help resolve the issue?
A . Ensure that UserB is given the right IAM role to access the key
B . Ensure that UserB is given the right permissions in the IAM policy
C . Ensure that UserB is given the right permissions in the Key policy
D . Ensure that UserB is given the right permissions in the Bucket policy
Answer: C
Explanation:
You need to ensure that UserB is given access via the Key policy for the Key
Option is invalid because you don’t assign roles to IAM users For more information on Key policies please visit the below Link: https://docs.aws.amazon.com/kms/latest/developerguide/key-poli
The correct answer is: Ensure that UserB is given the right permissions in the Key policy
Leave a Reply