🔥 3-day streak
AWS Certified SysOps Administrator - Associate99 / 150
Question 99 of 150

A company stores sensitive reports in an S3 bucket encrypted with a customer managed AWS KMS key in Account A. An analytics team operating in Account B needs to read and decrypt these objects using their IAM role. The bucket policy has already been updated to grant Account B's role s3:GetObject access, but the analytics team still receives an AccessDenied error when downloading objects. What is the MOST likely cause and correct remediation?

Reviewed for accuracy · Report an issueNext question