AWS CLI to update the configuration of an AWS Lambda function, Intending to indude environment variables.

Command:

aws lambda update$-$function$-$configuration$--$function$-$name my$-$function$-$environment Variables $($keyl valuel, key$2$ value$2)$

The developer expected the environment variables would be automatically encrypted by AWS using the default service key, but this did not happen. What is the cause of this unexpected behavior?

Pick ONE option

The AWS CLI command 'update$-$function$-$configuration does not inherently support the automatic encryption of environment variables. Automatic encryption mandates explicit specification through the $\text{'}--$kms$-$key$-$arn' parameter.

Unlike manual creation through the AWS Management Console, AWS solely automates the encryption of environment variables. Updates via CLI or SDK require the provision of an encryption key.

The AWS Lambda function's execution role is deficient in the 'AWSLambdaBasicExecutionRole managed policy. This policy is necessary for AWS to automatically encrypt environment variables.

Although the AWS CLI command executed successfully, the automatic encryption of environment variables only occurs the first time the function is invoked after the update