🔥 3-day streak
AWS Certified Developer - Associate83 / 150
Question 83 of 150

A developer maintains a document-processing microservice that runs under an IAM role. The service must temporarily allow a short-lived worker process (running under a different IAM role) to encrypt documents using a specific customer managed KMS key, but only for the duration of a single processing job. The security team requires that no changes be made to the KMS key policy and that the delegated permission can be programmatically revoked when the job completes. Which approach best meets these requirements?

Reviewed for accuracy · Report an issueNext question