A developer has created a new IAM user that has the s3:PutObject permission to write to a specific Amazon S3 bucket. The S3 bucket uses server-side encryption with AWS KMS managed keys (SSE-KMS) as the default encryption. When an application uses the access key and secret key of the IAM user to call the PutObject API operation, the application receives an access denied error.
What should the developer do to resolve this error?

A. Update the policy of the IAM user to allow the s3:EncryptionConfiguration action.

B. Update the bucket policy of the S3 bucket to allow the IAM user to upload objects.

C. Update the policy of the IAM user to allow the kms:GenerateDataKey action.

D. Update the ACL of the S3 bucket to allow the IAM user to upload objects.








 

Suggested Answer: C

Community Answer: C




This question is in DVA-C01 AWS Certified Developer – Associate Exam
For getting AWS Certified Developer – Associate Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.