A company utilizes AWS Secrets Manager to securely store sensitive API keys required by an AWS Lambda function for making API calls to an external service. The Lambda function retrieves these keys upon invocation. Currently, the Secrets Manager secret is encrypted using the default AWS Key Management Service (AWS KMS) key. A DevOps engineer is tasked with updating the infrastructure to ensure that access to the secrets in Secrets Manager is restricted solely to the Lambda function's execution role, adhering to the principle of least privilege. What steps should the DevOps engineer take to achieve this? | AWS Certified DevOps Engineer - Professional Quiz