An Accounting firm heavily relies on Amazon EBS volumes to provide persistent storage for application data hosted on Amazon EC2 instances. To ensure the safety and confidentiality of the clients' critical data, these volumes are encrypted. The project manager, tasked with overseeing security credentials, has encountered the following policy snippet:

{ "Version": "2012-10-17", "Statement": [ { "Sid": "Allow for use of this Key", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::111122223333:role/UserRole" }, "Action": [ "kms:GenerateDataKeyWithoutPlaintext", "kms:Decrypt" ], "Resource": "" }, { "Sid": "Allow for EC2 Use", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::111122223333:role/UserRole" }, "Action": [ "kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant" ], "Resource": "", "Condition": { "StringEquals": { "kms:ViaService": "ec2.us-west-2.amazonaws.com" } } ] } Based on the provided policy, which of the following statements are accurate?