SAA-C03 Design Secure Architectures • Set 11
SAA-C03 Design Secure Architectures Practice Test 11 — 15 questions with explanations. Free, no signup.
An application encrypts data directly with AWS KMS using an encryption context. Your KMS key policy includes a condition that allows kms:Decrypt only when the encryption context contains: "purpose" = "myapp-secrets" After a deployment, decryption fails. CloudTrail shows kms:Decrypt was called, but it was denied by the key policy due to the encryption context condition. What is the best fix?