You need to determine what encryption operations were taken with which key in AWS KMS to ei-ther encrypt or decrypt data in the AWS CodeCommit repository. Which of the following actions will best help you accomplish this?
A.
Searching for the AWS CodeCommit repository ID in AWS CloudTrail logs
B.
Searching for the encryption key ID in AWS CloudTrail logs
C.
Searching for the AWS CodeCommit repository ID in AWS CloudWatch
D.
Searching for the encryption key ID in AWS CloudWatch
Suggested Answer:A🗳️
The encryption context is additional authenticated information AWS KMS uses to check for data integrity. When specified for the encryption operation, it must also be specified in the decryption operation or decryption will fail. AWS CodeCommit uses the AWS CodeCommit repository ID for the encryption context. You can find the repository ID by using the get-repository command or by viewing repository details in the AWS CodeCommit console. Search for the AWS CodeCommit repository ID in AWS CloudTrail logs to understand which encryption operations were taken on which key in AWS KMS to encrypt or decrypt data in the AWS CodeCommit repository. Reference: http://docs.aws.amazon.com/codecommit/latest/userguide/encryption.html
By searching for the AWS CodeCommit repository ID in AWS CloudTrail logs, you can track the encryption operations performed on the repository. AWS CloudTrail logs record API calls made to AWS services, including KMS. By searching for the CodeCommit repository ID in the CloudTrail logs, you can identify the relevant events and determine the encryption operations performed using the KMS key.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
albert_kuo
10 months, 1 week agodarkness0710
2 years, 4 months ago