A developer has deployed a serverless application to AWS Lambda.The developer needs to encrypt the Lambda function’s environment variables by using an AWS Key Management Service (AWS KMS) customer managed key.When the developer attempts to configure the KMS key for the environment variables, an error occurs.The error message indicates that access to the KMS key was denied.
What should the developer do to resolve this error?
Set an IAM policy that allows the developer to have appropriate access to the KMS key.
Set an IAM policy that allows the Lambda function to have appropriate access to the KMS key.
Apply the AWSLambdaBasicExecutionRole managed policy to the Lambda function.
Create a trust policy for the Lambda function. In the trust policy, specify kms.amazonaws.com as a service principal.