Forum Replies Created

Viewing 1 - 3 of 3 posts

  • lokeai

    Member
    August 10, 2020 at 10:38 pm

    I have another question.

    A media company runs a Python script that uses the AWS CLI command aws s3 cp to upload a large file to an Amazon S3 bucket, which includes an AWS KMS key. An Access Denied error always shows up whenever their developers upload a file with a size of 10 GB or more. However, when they tried to upload a smaller file with the KMS key, the upload succeeds.

    Which of the following are potential reasons why this issue is happening? (Select TWO.)”

    You said that these are correct:

    The AWS CLI S3 commands perform a multipart upload when the file is large.

    The IAM policy of the developer does not include the kms:Decrypt permission.

    However, they are able to decrypt smaller than 10gb so KMS:decrypt is not a solution, right?

    • lokeai

      Member
      August 12, 2020 at 12:22 am

      These are all the possible answers:

      The kms:Encrypt permission is missing from the IAM policy of the developers.

      The AWS CLI S3 commands perform a multipart upload when the file is large.

      There is an attached inline policy in the developers’ IAM permissions that restricts them from uploading a file with a size of 10 GB or more.

      The IAM policy of the developer does not include the kms:Decrypt permission.

      10 GB is the maximum size that can be encrypted in KMS.

  • lokeai

    Member
    August 12, 2020 at 3:16 pm

    Perfect. Good point. Thanks John! How about the first question?

Viewing 1 - 3 of 3 posts