A company has implemented centralized logging and monitoring of AWS CloudTrail logs from all Regions in an Amazon S3 bucket. The log files are encrypted using AWS KMS. A security engineer is attempting to review the log files using a third-party tool hosted on an Amazon EC2 instance. The security engineer is unable to access the logs in the S3 bucket and receives an access denied error message. What should the security engineer do to fix this issue?

Topic #: - All AWS Certified Security - Specialty Questions

A. Check that the role the security engineer uses grants permission to decrypt objects using the KMS CMK.
B. Check that the role the security engineer uses grants permission to decrypt objects using the KMS CMK and gives access to the S3 bucket and objects.
C. Check that the role the EC2 instance profile uses grants permission to decrypt objects using the KMS CMK and gives access to the S3 bucket and objects. Most Voted
D. Check that the role the EC2 instance profile uses grants permission to decrypt objects using the KMS CMK.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Share this post

Join the Discussion