The correct answer is D: Establish an IAM execution role with necessary permissions and associate it with the Lambda function. When using AWS Lambda functions, it is a best practice to create an IAM execution role with the required permissions and attach it to the Lambda function. This approach allows the Lambda function to perform actions on other AWS services securely and efficiently. Adding required IAM permissions in the resource policy of the Lambda function (Option A) would not directly grant execution permissions to the function. Options B and C are not recommended as they involve using static credentials, which is less secure compared to using IAM roles.