
Explanation:

Correct option:
Create an IAM role in account B with access to DynamoDB. Modify the trust policy of the role in Account B to allow the execution role of Lambda to assume this role. Update the Lambda function code to add the AssumeRole API call
You can give a Lambda function created in one account ("Account A") permission to assume a role in another account ("Account B") in order to access resources there, such as a DynamoDB table or an S3 bucket. First, create an execution role in Account A that gives the Lambda function permission to do its work. Then create a role in Account B that the Lambda function in Account A assumes to gain access to the cross-account DynamoDB table. Make sure that you modify the trust policy of the role in Account B to allow the Lambda execution role to assume it. Finally, update the Lambda function code to add the AssumeRole API call.
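The steps above as an added example (not part of the original explanation): the trust policy for the Account B role, a minimal check that it names the Lambda execution role, and a handler that calls AssumeRole before touching DynamoDB. The account IDs, role names and table name are constructed placeholders; the example also assumes the execution role in Account A is allowed to call sts:AssumeRole on the Account B role.

```python
import json

# Constructed placeholders: account IDs, role names and table name are assumptions.
EXEC_ROLE_ARN = "arn:aws:iam::111111111111:role/lambda-exec-role"        # Account A
TARGET_ROLE_ARN = "arn:aws:iam::222222222222:role/dynamodb-access-role"  # Account B
TABLE_NAME = "example-table"

def account_b_trust_policy(exec_role_arn=EXEC_ROLE_ARN):
    """Trust policy attached to the role in Account B: it names only the
    Lambda execution role from Account A as a principal."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": exec_role_arn},
            "Action": "sts:AssumeRole",
        }],
    }

def trust_allows(policy, caller_arn):
    """Minimal check: does an Allow statement name caller_arn exactly?
    Ignores conditions, wildcards and account-root principals."""
    for stmt in policy["Statement"]:
        principal = stmt.get("Principal", {})
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        arns = principal.get("AWS", [])
        arns = [arns] if isinstance(arns, str) else arns
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if "sts:AssumeRole" in actions and caller_arn in arns:
            return True
    return False

def handler(event, context):
    """Lambda in Account A: assume the Account B role, then call DynamoDB
    with the temporary credentials instead of the execution role's own."""
    import boto3  # provided by the Lambda Python runtime
    creds = boto3.client("sts").assume_role(
        RoleArn=TARGET_ROLE_ARN, RoleSessionName="cross-account-dynamodb",
    )["Credentials"]
    dynamodb = boto3.client(
        "dynamodb",
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
    )
    return dynamodb.describe_table(TableName=TABLE_NAME)["Table"]["TableStatus"]

if __name__ == "__main__":
    print(json.dumps(account_b_trust_policy(), indent=2))
```
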
The development team at a retail organization needs a solution to enable a Lambda function from AWS Account A to access a DynamoDB table located in AWS Account B.
As an AWS Certified Developer Associate, what solution would you propose to address this requirement?
A. Create a clone of the Lambda function in AWS Account B so that it can access the DynamoDB table in the same account
B. Create an IAM role in Account B with access to DynamoDB. Modify the trust policy of the execution role in Account A to allow the execution role of Lambda to assume the IAM role in Account B. Update the Lambda function code to add the AssumeRole API call
C. Add a resource policy to the DynamoDB table in AWS Account B to give access to the Lambda function in Account A
D. Create an IAM role in Account B with access to DynamoDB. Modify the trust policy of the role in Account B to allow the execution role of Lambda to assume this role. Update the Lambda function code to add the AssumeRole API call