New Year Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ac4s65

A company is building a secure solution that relies on an AWS Key Management Service...

Amazon Web Services SCS-C02 Full Course Access
Amazon Web Services SCS-C02 View All Questions

A company is building a secure solution that relies on an AWS Key Management Service (AWS KMS) customer managed key. The company wants to allow AWS Lambda to use the KMS key. However, the company wants to prevent Amazon EC2 from using the key.

Which solution will meet these requirements?

A.

Create an IAM policy that explicitly denies permission to the key. Attach the policy to all EC2 instance profiles. Create an IAM policy that explicitly allows permission to the key. Attach the policy to all Lambda function roles.

B.

Create a custom key policy for the key. Use the kms:ViaService condition key to deny access to requests from Amazon EC2 and to allow access to requests from Lambda. Use the Lambda IAM role as the principal.

C.

Create a custom key policy for the key. Use the aws:SourceIp condition key to deny access to requests from Amazon EC2. Use the aws:AuthorizedService condition key to allow access to requests from Lambda. Use the Lambda IAM role as the principal.

D.

Create an SCP that explicitly denies permission to the key for Amazon EC2 and explicitly allows permission to the key for Lambda. Attach the SCP to the AWS account.

SCS-C02 PDF/Engine
  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions
buy now SCS-C02 pdf
Get 65% Discount on All Products, Use Coupon: "ac4s65"
Next
A company uses Amazon Cognito for external user authentication for a web application.
A company suspects that an attacker has exploited an overly permissive role to export credentials...
Previous