An application is running on Amazon EC2. It has an attached IAM role that is receiving an AccessDenied error while trying to access a SecureString parameter resource in the AWS Systems Manager Parameter Store. The SecureString parameter is encrypted with a customer-managed Customer Master Key (CMK),
What steps should the DevOps Engineer take to grant access to the role while granting least privilege? (Choose three.)
A. Set ssm:GetParamterfor the parameter resource in the instance role’s IAM policy.
B. Set kms:Decryptfor the instance role in the customer-managed CMK policy.
C. Set kms:Decryptfor the customer-managed CMK resource in the role’s IAM policy.
D. Set ssm:DecryptParameterfor the parameter resource in the instance role IAM policy.
E. Set kms:GenerateDataKeyfor the user on the AWS managed SSM KMS key.
F. Set kms:Decryptfor the parameter resource in the customer-managed CMK policy.
What steps should the DevOps Engineer take to grant access to the role while granting least privilege? (Choose three.)
A. Set ssm:GetParamterfor the parameter resource in the instance role’s IAM policy.
B. Set kms:Decryptfor the instance role in the customer-managed CMK policy.
C. Set kms:Decryptfor the customer-managed CMK resource in the role’s IAM policy.
D. Set ssm:DecryptParameterfor the parameter resource in the instance role IAM policy.
E. Set kms:GenerateDataKeyfor the user on the AWS managed SSM KMS key.
F. Set kms:Decryptfor the parameter resource in the customer-managed CMK policy.