SAP-C02 Design for New Solutions • Set 16
SAP-C02 Design for New Solutions Practice Test 16 — 15 questions with explanations. Free, no signup.
Refer to the exhibit. A solutions architect has attached this key policy to an AWS KMS key. The IAM role MyAppRole is used by an application running on an EC2 instance in us-east-1. The application tries to decrypt an object stored in the S3 bucket my-bucket using server-side encryption with AWS KMS (SSE-KMS). What will happen?
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789012:role/MyAppRole"
},
"Action": "kms:Decrypt",
"Resource": "*",
"Condition": {
"StringEquals": {
"kms:ViaService": "s3.us-east-1.amazonaws.com",
"kms:EncryptionContext:aws:s3:arn": "arn:aws:s3:::my-bucket/*"
}
}
}
]
}