Security speciality (sampler) question about the ’aws s3 cp’ scenario with the 10GB file.
Question asks for potential reasons causing the ‘access denied’ error.
One of the answers states:
”The IAM policy of the developer does include the kms:Decrypt permission.”
Isn’t a ’not’ missing here?
As in the explanation you mentioned you need encrypt/decrypt/reencrypt/generatedatakey/describekey actions
which would also make the answer
’The kms:Encrypt permission is missing from the IAM policy of the developers.’
Or am I missing something here?