🔥 3-day streak
AWS Certified Developer - Associate76 / 150
Question 76 of 150
A developer is building a Lambda function that must decrypt data using a customer managed KMS key owned by the same AWS account. The function's execution role has an IAM policy that allows kms:Decrypt on the specific key ARN. However, calls to Decrypt fail with an AccessDeniedException. The KMS key policy contains only the default statement granting the account root full access. What is the MOST likely cause and correct fix?
Reviewed for accuracy · Report an issueNext question