This is a dedicated watch page for a single video.
A rapidly growing e-commerce company stores all of its sensitive customer data in an Amazon S3 bucket. To ensure the safety and security of this data, the company has chosen to encrypt it using an AWS Key Management Service (AWS KMS) customer managed key. The company also uses AWS Lambda functions to perform various tasks within the same account as the S3 bucket. The Lambda functions need to access the data in the S3 bucket but the company must ensure that each Lambda function has its own programmatic access control permissions to use the KMS key. Which of the following options would you recommend?