You have created a set of Customer keys using the AWS KMS service. For the past 6 months, you have been using these customer keys. Recently there is a new KMS feature and the default key policy is modified. You are trying to use the new KMS feature for these customer keys but the keys seem not to have enough permissions.
Which of the following options may be the reason?

Answer options:

A.You have not explicitly given access via the key policy.
B.You have not explicitly given access via the bucket policy.
C.You have not given access via the IAM roles.
D.You have not explicitly given access via IAM users.

Answer is A
Option A is CORRECT because to implement a new KMS feature for existing customer keys, you need to be given explicit access in the key policies.
Option B is incorrect because we do not need to give explicit access to the bucket policy. This would not provide us the solution for the ask.
Option C is incorrect because as per the AWS documentation to reflect your new KMS features you need to work on default key policy and it is not useful to use IAM roles under this situation.
Option D is incorrect as we need to work with the default key policy associated with the KMS feature and there is no need to work on IAM users for the same.
According to the AWS documentation:
For more information on upgrading key policies please refer the following URL:
https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-upgrading.html