
An external audit of a company's serverless application reveals IAM policies that grant too many permissions. These policies are attached to the company's AWS Lambda execution roles. Hundreds of the company's Lambda functions have broad access permissions, such as full access to Amazon S3 buckets and Amazon DynamoDB tables. The company wants each function to have only the minimum permissions that the function needs to complete its task. A solutions architect must determine which permissions each Lambda function needs. What should the solutions architect do to meet this requirement with the LEAST amount of effort?
A
Set up Amazon CodeGuru to profile the Lambda functions and search for AWS API calls. Create an inventory of the required API calls and resources for each Lambda function. Create new IAM access policies for each Lambda function. Review the new policies to ensure that they meet the company's business requirements.
B
Turn on AWS CloudTrail logging for the AWS account. Use AWS Identity and Access Management Access Analyzer to generate IAM access policies based on the activity recorded in the CloudTrail log. Review the generated policies to ensure that they meet the company's business requirements.
C
Turn on AWS CloudTrail logging for the AWS account. Create a script to parse the CloudTrail log, search for AWS API calls by Lambda execution role, and create a summary report. Review the report. Create IAM access policies that provide more restrictive permissions for each Lambda function.
D
Turn on AWS CloudTrail logging for the AWS account. Export the CloudTrail logs to Amazon S3. Use Amazon EMR to process the CloudTrail logs in Amazon S3 and produce a report of API calls and resources used by each execution role. Create a new IAM access policy for each role. Export the generated roles to an S3 bucket. Review the generated policies to ensure that they meet the company's business requirements.