A company has an application workflow that uses an AWS Lambda function to download and decrypt files from Amazon S3. These files are encrypted using AWS Key Management Service (AWS KMS) keys. A solutions architect needs to design a solution that will ensure the required permissions are set correctly. Which combination of actions accomplish this? (Choose two.)

Topic #: - All AWS Certified Solutions Architect - Associate SAA-C02 Questions

A. Attach the kms:decrypt permission to the Lambda function’s resource policy.
B. Grant the decrypt permission for the Lambda IAM role in the KMS key’s policy. Most Voted
C. Grant the decrypt permission for the Lambda resource policy in the KMS key’s policy.
D. Create a new IAM policy with the kms:decrypt permission and attach the policy to the Lambda function.
E. Create a new IAM role with the kms:decrypt permission and attach the execution role to the Lambda function. Most Voted

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Share this post

Join the Discussion