Answer-first summary for fast verification
Answer: Use the IAM policy to create a role, then assign this role to the Lambda function.
The correct answer is B. The most secure method for granting the Lambda function the necessary permissions is to create an IAM role and attach the existing IAM policy to this role, then assign the role to the Lambda function. This method allows for fine-grained access control and adheres to best practices by using roles instead of storing sensitive credentials. Attaching the IAM policy directly to the Lambda function (option A) is less flexible and not the best practice. Creating an IAM user and embedding credentials (option C) is insecure and not recommended. Using the root account keys (option D) is a severe security risk and is strongly discouraged.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
How should a Lambda function be granted secure access to an S3 bucket for reading and a DynamoDB table for reading and writing, given an existing IAM policy?
A
Directly attach the IAM policy to the Lambda function.
B
Use the IAM policy to create a role, then assign this role to the Lambda function.
C
Create an IAM user, apply the policy, and input the user's credentials into the Lambda function's environment variables.
D
Utilize the AWS root account keys as encrypted environment variables within the Lambda function.