Topic 1 Question 640
A company has an application workflow that uses an AWS Lambda function to download and decrypt files from Amazon S3. These files are encrypted using AWS Key Management Service (AWS KMS) keys. A solutions architect needs to design a solution that will ensure the required permissions are set correctly.
Which combination of actions accomplish this? (Select two.)
A. Attach the kms:decrypt permission to the Lambda function’s resource policy
B. Grant the decrypt permission for the Lambda IAM role in the KMS key's policy
C. Grant the decrypt permission for the Lambda resource policy in the KMS key's policy.
D. Create a new IAM policy with the kms:decrypt permission and attach the policy to the Lambda function.
E. Create a new IAM role with the kms:decrypt permission and attach the execution role to the Lambda function.
Comments (5)
- Selected answer: BE
BE is right.
The key policy has to be modified to give lambda execution role access. You can't set another resource policy as principal. So C is not right.
👍 5 NickGordon 2023/11/09
- Selected answer: BE
Create a new IAM role with the kms:decrypt permission and attach the execution role to the Lambda function, then grant the decrypt permission for the Lambda IAM role in the KMS key's policy.
👍 2 TariqKipkemei 2023/12/04
- Selected answer: BE
Not A and C because they are about the function's "resource policy", which controls who can manage the function, NOT what the function can do. Not D because you attach an IAM policy to an IAM principal, not to a Lambda function.
👍 2 pentium75 2024/01/02
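The two documents that options B and E describe, with a small check for the mistake in option C, as an added example that is not part of the original question or comments. The account ID, ARNs, role and function names, and helper function names are constructed placeholders.

```python
from fnmatch import fnmatchcase

# Constructed placeholder identifiers (assumptions, not from the page).
ACCOUNT = "111122223333"
ROLE_ARN = f"arn:aws:iam::{ACCOUNT}:role/file-decrypt-lambda-role"
KEY_ARN = f"arn:aws:kms:us-east-1:{ACCOUNT}:key/EXAMPLE-KEY-ID"
FUNCTION_ARN = f"arn:aws:lambda:us-east-1:{ACCOUNT}:function:file-decrypt"

# Option E: identity policy attached to the Lambda execution role.
role_policy = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "kms:Decrypt", "Resource": KEY_ARN}
    ],
}

# Option B: key policy statement whose principal is the execution role.
# In a key policy, "Resource": "*" refers to the key the policy is attached to.
key_policy_statement = {
    "Sid": "AllowLambdaRoleDecrypt",
    "Effect": "Allow",
    "Principal": {"AWS": ROLE_ARN},
    "Action": "kms:Decrypt",
    "Resource": "*",
}

def _as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value)

def decrypt_principals(statement):
    """Return the AWS principals an Allow statement grants kms:Decrypt to."""
    if statement.get("Effect") != "Allow":
        return []
    actions = _as_list(statement.get("Action", []))
    if not any(fnmatchcase("kms:decrypt", a.lower()) for a in actions):
        return []
    principal = statement.get("Principal", {})
    if principal == "*":
        return ["*"]
    return _as_list(principal.get("AWS", []))

def lambda_arn_principals(statement):
    """Flag decrypt grants that name a Lambda function ARN as principal (option C)."""
    return [p for p in decrypt_principals(statement)
            if p.startswith("arn:aws:lambda:")]

if __name__ == "__main__":
    print(decrypt_principals(key_policy_statement))
    print(lambda_arn_principals(key_policy_statement))
```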