Answer-first summary for fast verification
Answer: By assigning an IAM role with a policy granting specific S3 bucket read access to the Lambda function.
The most secure way to grant read access to a specific S3 bucket for a Lambda function is to use an IAM role. By assigning an IAM role to the Lambda function and applying a policy to that role which grants read access to the specific S3 bucket, you ensure that the Lambda function has the minimal required permissions. Embedding access keys in code or granting broader access than necessary, such as to all S3 buckets in the account, is not a best practice due to security risks. Therefore, option B is the correct choice.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
How can a Lambda function in the same AWS account securely obtain read access to an S3 bucket?
A
By applying an S3 bucket policy for read access.
B
By assigning an IAM role with a policy granting specific S3 bucket read access to the Lambda function.
C
By including AWS access credentials in the Lambda function code for S3 bucket read access.
D
By assigning an IAM role with a policy granting read access to all S3 buckets in the account to the Lambda function.
No comments yet.