🔥 3-day streak
AWS Certified Security - Specialty114 / 184
Question 114 of 184
A financial services company runs a data ingestion pipeline where a producer account (111122223333) must encrypt objects it uploads to an S3 bucket in a central account (444455556666) using a customer managed KMS key owned by the central account. Per the company's data classification policy, the producer must never be able to decrypt or read the data it writes — only the central analytics team may decrypt. A security engineer needs to grant the producer account the minimum access required. Which approach correctly enforces this requirement?
Reviewed for accuracy · Report an issueNext question