A healthcare company is developing an AWS Lambda function that publishes notifications to an encrypted Amazon Simple Notification Service (Amazon SNS) topic. The notifications contain protected health information (PHI).
The SNS topic uses AWS Key Management Service (AWS KMS) customer managed keys for encryption. The company must ensure that the application has the necessary permissions to publish messages securely to the SNS topic.
Which combination of steps will meet these requirements? (Choose three.)

A. Create a resource policy for the SNS topic that allows the Lambda function to publish messages to the topic.

B. Use server-side encryption with AWS KMS keys (SSE-KMS) for the SNS topic instead of customer managed keys.

C. Create a resource policy for the encryption key that the SNS topic uses that has the necessary AWS KMS permissions.

D. Specify the Lambda function's Amazon Resource Name (ARN) in the SNS topic's resource policy.

E. Associate an Amazon API Gateway HTTP API with the SNS topic to control access to the topic by using API Gateway resource policies.

F. Configure a Lambda execution role that has the necessary IAM permissions to use a customer managed key in AWS KMS.




 

Suggested Answer: ADF

Community Answer: ACF




This question is in SAA-C03 exam 
For getting AWS Certified Solutions Architect Associate Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.