🔥 3-day streak
AWS Certified CloudOps Engineer - Associate104 / 159
Question 104 of 159

A company runs a data-processing pipeline where a temporary Lambda function must decrypt objects encrypted with a customer managed KMS key for a 48-hour batch job. Security requires that the Lambda's access to the key be scoped, temporary, and revocable without modifying the key policy or the Lambda execution role's IAM policy. Which approach best meets these requirements?

Reviewed for accuracy · Report an issueNext question