Detail About Encryption Context

Encryption context is an optional set of non-secret key–value pairs that can contain additional contextual information while encrypting the data. The same encryption context is required to decrypt the data as well. If the encryption context provided in the decryption request is not an exact, case-sensitive match, the decrypt request fails.

...

  • Decryption completed successfully because this time the Encryption Context was updated.

...

Execution role policy

  • To grant our function permission to call the Decrypt operation, we need to add the following policy to the Lambda function execution role. This is the same policy sample provided in AWS Lambda.

  • Let’s look at this in a bit more detail. The policy has a Condition element in which the StringEquals operator validates the encryption context. Here, the policy checks whether LambdaFunctionName (the encryption context) equals basic-lambda. Basically, this is how the Lambda infrastructure understands which KeyID to use for decryption, based on this condition.
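
To see how a StringEquals condition on the LambdaFunctionName encryption context gates Decrypt, here is a simplified model in Python. It is an added example, not code from this page or from AWS. The policy is constructed, its key ARN is a placeholder, and the helper names `condition_holds` and `decrypt_allowed` are hypothetical.

```python
# Simplified model of one Allow statement whose StringEquals condition checks
# kms:EncryptionContext:<key> on a Decrypt request. Not a full IAM evaluator:
# no Deny statements, wildcards, or operators other than StringEquals.
PREFIX = "kms:encryptioncontext:"
KEY = "arn:aws:kms:REGION:ACCOUNT_ID:key/KEY_ID"  # placeholder ARN

POLICY = {  # constructed sample policy
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "kms:Decrypt",
        "Resource": KEY,
        "Condition": {"StringEquals": {
            "kms:EncryptionContext:LambdaFunctionName": "basic-lambda"}},
    }],
}


def condition_holds(condition, encryption_context):
    """True when every StringEquals entry matches the request's context."""
    if set(condition) - {"StringEquals"}:
        return False  # operator this model does not understand: fail closed
    # AWS KMS documents the condition key name as case-insensitive;
    # StringEquals compares the value case-sensitively.
    ctx = {k.lower(): v for k, v in encryption_context.items()}
    for cond_key, expected in condition.get("StringEquals", {}).items():
        name = cond_key.lower()
        if not name.startswith(PREFIX):
            return False  # only encryption-context keys are modelled
        if ctx.get(name[len(PREFIX):]) != expected:
            return False  # missing context key or value mismatch
    return True


def decrypt_allowed(policy, key_arn, encryption_context):
    """True when some Allow statement covers kms:Decrypt on key_arn."""
    for stmt in policy["Statement"]:
        if (stmt["Effect"] == "Allow" and stmt["Action"] == "kms:Decrypt"
                and stmt["Resource"] == key_arn
                and condition_holds(stmt.get("Condition", {}), encryption_context)):
            return True
    return False  # implicit deny


if __name__ == "__main__":
    for ctx in ({"LambdaFunctionName": "basic-lambda"},
                {"LambdaFunctionName": "Basic-Lambda"},
                {"LambdaFunctionName": "other-lambda"}, {}):
        print(ctx, "->", decrypt_allowed(POLICY, KEY, ctx))
```

The policy condition is only the authorization check. A request that passes it still fails in KMS if its encryption context is not an exact, case-sensitive match for the one used at encryption time.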

...