A Developer is creating an AWS Lambda function that requires environment variables to store connection information and logging settings. The Developer is required to use an AWS KMS Customer Master Key (CMK) supplied by the Information Security department in order to adhere to company standards for securing
Lambda environment variables.
Which of the following are required for this configuration to work? (Choose two.)

A. The Developer must configure Lambda access to the VPC using the --vpc-config parameter.

B. The Lambda function execution role must have the kms:Decrypt permission added in the AWS IAM policy.

C. The KMS key policy must allow permissions for the Developer to use the KMS key.

D. The AWS IAM policy assigned to the Developer must have the kms:GenerateDataKey permission added.

E. The Lambda execution role must have the kms:Encrypt permission added in the AWS IAM policy.






 

Suggested Answer: DE

Community Answer: BC




This question is in SCS-C01 AWS Certified Security – Specialty Exam
For getting AWS Certified Security – Specialty Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.