copy its bad Karma
- It require only Key policy setup
- It require only IAM policy setup
- It require IAM policy and grants in place.
- It require Key policy and grants
Ans: D
Detailed Explanation: Controlling Access to AWS KMS CMKs: You will be using following ways to control access to a CMK.
- Using Key Policy: You can use single Key Policy document to define the access control.
- IAM Policy + Key Policy: In this way you can manage all of the permissions for your IAM identities.
- Grant + Key Policy: You can use grant and Key policy to allow access to CMK. In Key policy you control the access to the CMK and also allow users to delegate their access to others.
To allow access to KMS CMK, you must use Key Policy (Remember: That is a mandate). You can use any of the above combination to control the access to CMK. IAM policy alone are not enough to control the access for CMKs. For most of the other services IAM policies are enough but this is not the case with KMS.