
Answer-first summary for fast verification
Answer: The Lambda function does not have IAM permissions to write to DynamoDB
The Lambda function does not have IAM permissions to write to DynamoDB

You need to use an identity-based policy that allows read and write access to a specific Amazon DynamoDB table. To use this policy, attach the policy to a Lambda service role. A service role is a role that you create in your account to allow a service to perform actions on your behalf. That service role must include AWS Lambda as the principal in the trust policy. The role is then used to grant a Lambda function access to a DynamoDB table. By using an IAM policy and role to control access, you don’t need to embed credentials in code and can tightly control which services the Lambda function can access.

Incorrect options:

The Lambda function's provisioned concurrency limit has been exceeded

The Lambda function's reserved concurrency limit has been exceeded

Reserved concurrency – Reserved concurrency guarantees the maximum number of concurrent instances for the function. When a function has reserved concurrency, no other function can use that concurrency. There is no charge for configuring reserved concurrency for a function.

Provisioned concurrency – Provisioned concurrency initializes a requested number of execution environments so that they are prepared to respond immediately to your function's invocations. Note that configuring provisioned concurrency incurs charges to your AWS account.

Neither reserved concurrency nor provisioned concurrency has any relevance to the given use case. Both options have been added as distractors.

DynamoDB table does not have a Gateway VPC Endpoint, which is required by the Lambda function for a successful write - Gateway endpoints provide reliable connectivity to Amazon S3 and DynamoDB without requiring an internet gateway or a NAT device for your VPC. Gateway endpoints do not enable AWS PrivateLink.
This option acts as a distractor since the Lambda function is not provisioned within a VPC by default, so there is no need for a Gateway VPC Endpoint to access DynamoDB.
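The role setup described in the explanation of the correct option, as an added example that is not part of the original page: a trust policy naming Lambda as principal, an identity-based policy scoped to one table, and a simplified checker showing why a role with only S3 read access fails the write. The account ID, region, table name, bucket name and the `S3_ONLY_POLICY` role are constructed placeholders, and `allows` is a simplified illustration, not AWS's full policy evaluation logic.

```python
from fnmatch import fnmatchcase

# Constructed placeholder ARN (assumption): substitute your own account, region, table.
TABLE_ARN = "arn:aws:dynamodb:us-east-1:111122223333:table/ExampleTable"

# Trust policy: AWS Lambda is the principal allowed to assume the service role.
TRUST_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "lambda.amazonaws.com"},
    "Action": "sts:AssumeRole",
}]}

# Identity-based policy: read and write on one specific table, nothing else.
TABLE_RW_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["dynamodb:GetItem", "dynamodb:Query", "dynamodb:PutItem",
               "dynamodb:UpdateItem", "dynamodb:DeleteItem"],
    "Resource": TABLE_ARN,
}]}

# Constructed illustration of a role that can read the S3 object but not write the table.
S3_ONLY_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-bucket/*",
}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def lambda_can_assume(trust_policy):
    """True if some Allow statement lets lambda.amazonaws.com call sts:AssumeRole."""
    for st in _as_list(trust_policy["Statement"]):
        services = _as_list(st.get("Principal", {}).get("Service", []))
        if (st["Effect"] == "Allow" and "sts:AssumeRole" in _as_list(st["Action"])
                and "lambda.amazonaws.com" in services):
            return True
    return False

def allows(policy, action, resource):
    """Simplified check: explicit Deny wins, otherwise any matching Allow.
    Ignores Condition, NotAction, NotResource, SCPs and permission boundaries."""
    allowed = False
    for st in _as_list(policy["Statement"]):
        hit = (any(fnmatchcase(action.lower(), a.lower()) for a in _as_list(st["Action"]))
               and any(fnmatchcase(resource, r) for r in _as_list(st["Resource"])))
        if hit and st["Effect"] == "Deny":
            return False
        allowed = allowed or (hit and st["Effect"] == "Allow")
    return allowed
```

When the write fails for this reason, the function's logs typically show an access-denied error for the DynamoDB action rather than a throttling or timeout error.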
Author: LeetQuiz Editorial Team
A developer is tasked with creating an AWS Lambda function designed to read data from objects stored in Amazon S3 and subsequently write this data to a table in Amazon DynamoDB. The function is successfully triggered by an S3 event notification whenever a new object is created. However, the function fails when it tries to write data to the DynamoDB table.
What could be the most likely cause of this failure?
A. The Lambda function does not have IAM permissions to write to DynamoDB
B. The Lambda function's provisioned concurrency limit has been exceeded
C. The Lambda function's reserved concurrency limit has been exceeded
D. DynamoDB table does not have a Gateway VPC Endpoint, which is required by the Lambda function for a successful write