🔥 3-day streak
AWS Certified Security - Specialty111 / 184
Question 111 of 184
A financial services company encrypts sensitive customer records in an S3 bucket using a customer managed KMS key. A newly deployed analytics application running on EC2 instances (using an instance profile role) must decrypt these objects only between 01:00 and 05:00 UTC each day when batch jobs run. The security team wants to grant the minimum necessary access without modifying the KMS key policy, which is centrally controlled and change-controlled by a separate team. Which approach best meets these requirements?
Reviewed for accuracy · Report an issueNext question