Answer-first summary for fast verification
Answer: The Lambda function's execution role does not have the necessary permissions to access the KMS key that can decrypt the S3 object.
Option D is CORRECT because when an object in Amazon S3 is encrypted using an AWS KMS key, the AWS Lambda function's execution role needs explicit permission to use the KMS key to decrypt the object. Even if the Lambda function has access to the S3 bucket, it cannot read the encrypted content without the appropriate permissions to decrypt it using the KMS key. The most likely cause of the error is that the Lambda function's role lacks the necessary permissions to access the KMS key used for encryption.
Author: Ritesh Yadav
Ultimate access to all questions.
Question 15/58
A data engineer set up an AWS Lambda function to read an object that is stored in an Amazon S3 bucket. The object is encrypted by an AWS KMS key.
The data engineer configured the Lambda function's execution role to access the S3 bucket. However, the Lambda function encountered an error and failed to retrieve the content of the object.
What is the likely cause of the error?
A
The data engineer misconfigured the permissions of the S3 bucket. The Lambda function could not access the object.
B
The Lambda function is using an outdated SDK version, which caused the read failure.
C
The S3 bucket is located in a different AWS Region than the Region where the data engineer works. Latency issues caused the Lambda function to encounter an error.
D
The Lambda function's execution role does not have the necessary permissions to access the KMS key that can decrypt the S3 object.
No comments yet.