AWS Certified Developer Associate DVA-C01 – Question 145

A developer creates an AWS Lambda function to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. All message content must be encrypted in transit and at rest between Lambda and Amazon SNS.
A part of the Lambda execution role is as follows:

Which combination of steps should the developer take to meet these requirements? (Choose two.)

A. Enable server-side encryption on the SNS topic.
B. Add a Deny statement to the Lambda execution role. Specify the SNS topic ARN as the resource. Specify "aws:SecureTransport": "true" as the condition.
C. Create a VPC endpoint for Amazon SNS.
D. Add a StringEquals condition of "sns:Protocol": "https" to the Lambda execution role.
E. Add a Deny statement to the Lambda execution role. Specify the SNS topic ARN as the resource. Specify "aws:SecureTransport": "false" as the condition.

Correct Answer: AB