A company must encrypt all AMIs that the company shares across accounts. A DevOps engineer has access to a source account where an unencrypted custom AMI has been built. The DevOps engineer also has access to a target account where an Amazon EC2 Auto Scaling group will launch EC2 instances from the AMI. The DevOps engineer must share the AMI with the target account.The company has created an AWS Key Management Service (AWS KMS) key in the source account.Which additional steps should the DevOps engineer perform to meet the requirements? (Choose three.)
A. In the source account, copy the unencrypted AMI to an encrypted AMI. Specify the KMS key in the copy action.
B. In the source account, copy the unencrypted AMI to an encrypted AMI. Specify the default Amazon Elastic Block Store (Amazon EBS) encryption key in the copy action.
C. In the source account, create a KMS grant that delegates permissions to the Auto Scaling group service-linked role in the target account.
D. In the source account, modify the key policy to give the target account permissions to create a grant. In the target account, create a KMS grant that delegates permissions to the Auto Scaling group service-linked role. E. In the source account, share the unencrypted AMI with the target account. F. In the source account, share the encrypted AMI with the target account.
A company must encrypt all AMIs that the company shares across accounts. A DevOps engineer has access to a source accoun
-
homeworkanswerdumps
- Site Admin
- Posts: 346795
- Joined: Mon May 16, 2022 9:31 am
A company must encrypt all AMIs that the company shares across accounts. A DevOps engineer has access to a source accoun
Register to view solutions, replies, and use search function. Request answer by replying! For more answers visit our other sites: AnswerAccurate HomeworkAnswerHelp AnswerHappy and QuestionAnswerDump