Topic 1 Question 260
A security engineer is working with a development team to design a supply chain application that stores sensitive inventory data in an Amazon S3 bucket. The application will use an AWS Key Management Service (AWS KMS) customer managed key to encrypt the data in Amazon S3.
The inventory data in Amazon S3 will be shared with hundreds of vendors. All vendors will use AWS principals from their own AWS accounts to access the data in Amazon S3. The vendor list might change weekly. The security engineer needs to find a solution that supports cross-account access.
Which solution is the MOST operationally efficient way to manage access control for the customer managed key?
Use KMS grants to manage key access. Programmatically create and revoke grants to manage vendor access.
Use am IAM role to manage key access. Programmatically update the IAM role policies to manage vendor access.
Use KMS key policies to manage key access. Programmatically update the KMS key policies to manage vendor access.
Use delegated access across AWS accounts by using IAM roles to manage key access. Programmatically update the IAM trust policy to manage cross-account vendor access.
ユーザの投票
コメント(2)
- 正解だと思う選択肢: A
Create KMS Key: Create a customer managed key in your AWS account.
Create KMS Grants: For each vendor, create a KMS grant that allows them to encrypt and decrypt data using the key. You can specify the principal (the vendor's AWS account) and the permitted operations.
Revoke Grants: When a vendor is no longer authorized, revoke their grant.
By using KMS grants, you can efficiently manage access to your sensitive data, ensuring that only authorized vendors can access it. This approach eliminates the need for complex IAM role management and provides a more streamlined and secure solution.
👍 1IPLogic2024/12/05 - 正解だと思う選択肢: A
A. Grants are often used for temporary permissions because you can create one, use its permissions, and delete it without changing your key policies or IAM policies https://docs.aws.amazon.com/kms/latest/developerguide/grants.html
👍 1m_ch3332025/01/04
シャッフルモード