🔥 3-day streak
AWS Certified Data Engineer - Associate84 / 159
Question 84 of 159
A data engineering team in Account A runs a Glue job that must read Parquet files stored in an S3 bucket owned by Account B. The objects in Account B are encrypted with a customer-managed KMS key (also in Account B). The bucket policy already grants Account A's Glue role s3:GetObject. However, the Glue job fails with an AccessDenied error when attempting to decrypt objects. What is the MOST appropriate action to resolve this while following least-privilege principles?
Reviewed for accuracy · Report an issueNext question