🔥 3-day streak
AWS Certified Security - Specialty148 / 184
Question 148 of 184
A company stores a database credential in AWS Secrets Manager in a central security account. Applications running in a separate workload account (within the same AWS Organization) must retrieve this secret at runtime. The secret is encrypted with a customer managed KMS key in the security account. When the workload account's application role calls GetSecretValue, it receives an AccessDenied error, even though the role has been granted secretsmanager:GetSecretValue and kms:Decrypt in its identity-based policy. What is required to allow cross-account access to succeed?
Reviewed for accuracy · Report an issueNext question