🔥 3-day streak
AWS Certified Developer - Associate81 / 150
Question 81 of 150
A company runs a data processing pipeline where a batch Lambda function must temporarily decrypt objects using a customer managed KMS key. The security team wants to grant this specific Lambda execution role decrypt permission on the key for the duration of the job without editing the KMS key policy and without granting broad, permanent access. The team also wants the ability to programmatically revoke the permission immediately when the job completes. What should the developer implement?
Reviewed for accuracy · Report an issueNext question