A company has implemented centralized logging and monitoring of AWS CloudTrail logs from all Regions in an Amazon S3 bucket.The log files are encrypted using AWS KMS.A security engineer is attempting to review the log files using a third-party tool hosted on an Amazon EC2 instance.The security engineer is unable to access the logs in the S3 bucket and receives an access denied error message.
What should the security engineer do to fix this issue?
Check that the role the security engineer uses grants permission to decrypt objects using the KMS CMK.
Check that the role the security engineer uses grants permission to decrypt objects using the KMS CMK and gives access to the S3 bucket and objects.
Check that the role the EC2 instance profile uses grants permission to decrypt objects using the KMS CMK and gives access to the S3 bucket and objects.
Check that the role the EC2 instance profile uses grants permission to decrypt objects using the KMS CMK.
I rank that the answer is:
Check that the role the EC2 instance profile uses grants permission to decrypt objects using the KMS CMK and gives access to the S3 bucket and objects.