AWS Certified Data Engineer – Associate (DEA-C01) — Question 133

A data engineer set up an AWS Lambda function to read an object that is stored in an Amazon S3 bucket. The object is encrypted by an AWS KMS key.

The data engineer configured the Lambda function’s execution role to access the S3 bucket. However, the Lambda function encountered an error and failed to retrieve the content of the object.

What is the likely cause of the error?

Answer options

• A. The data engineer misconfigured the permissions of the S3 bucket. The Lambda function could not access the object.
• B. The Lambda function is using an outdated SDK version, which caused the read failure.
• C. The S3 bucket is located in a different AWS Region than the Region where the data engineer works. Latency issues caused the Lambda function to encounter an error.
• D. The Lambda function’s execution role does not have the necessary permissions to access the KMS key that can decrypt the S3 object.

Correct answer: D

Explanation

The correct answer is D because the Lambda function needs permission to access the KMS key to decrypt the object in S3. Options A, B, and C do not address the specific issue of KMS key permissions, which is critical for accessing encrypted objects.