SAA-C03 Design Secure Architectures • Set 15
SAA-C03 Design Secure Architectures Practice Test 15 — 15 questions with explanations. Free, no signup.
A cross-account IAM role in Account B reads encrypted S3 objects from Account A. The objects use SSE-KMS with a customer-managed KMS key in Account A. Account B can successfully call s3:GetObject, but decryption fails with an AccessDeniedException from KMS. What change most directly fixes the issue?