A security engineer needs to create an AWS Key Management Service (AWS KMS) key that will be used to encrypt all data stored in a company’s Amazon S3 buckets in the us-west-1 Region. The key will use server-side encryption. Usage of the key must be limited to requests coming from Amazon S3 within the company’s account.
Which statement in the KMS key policy will meet these requirements?
A. Option A
B. Option B
C. Option C
D. Option D
ANS = A
you need the condition “kms:ViaService” to filter incomming request from S3