Q90 — AWS AIF-C01 Ch.1

Question 90 of 100 | ← Chapter 1

A company wants to use a foundation model (FM) on Amazon Bedrock to develop a chatbot. The foundation model needs to access encrypted data stored in an Amazon S3 bucket. The data is encrypted using Amazon S3 managed keys (SSE-S3). When the FM attempts to access the S3 bucket data, it encounters a failure. Which solution meets these requirements?

Correct Answer: A. Ensure the IAM role assumed by Amazon Bedrock has permissions to use the correct encryption key to decrypt the data.

Explanation

Ensuring the IAM role assumed by Amazon Bedrock has permissions to use the correct encryption key to decrypt the data is the best solution. By configuring appropriate IAM roles and policies, Bedrock can securely access and decrypt data in the S3 bucket using the correct encryption key. This approach is secure and aligns with AWS best practices, avoiding security risks associated with public access while preserving data confidentiality and integrity.