🔥 3-day streak
AWS Certified SysOps Administrator - Associate97 / 150
Question 97 of 150
A company uses a customer managed KMS key to encrypt sensitive data. A newly deployed Lambda function must temporarily be granted permission to decrypt objects with this key for a scheduled 6-hour batch job, after which the access should be automatically revoked without modifying the key policy or the function's IAM role. A SysOps administrator wants the least disruptive, auditable way to provide this scoped, revocable permission. Which approach BEST meets these requirements?
Reviewed for accuracy · Report an issueNext question