
Answer-first summary for fast verification
Answer: Create and configure an IAM role in the development accounts with a trust relationship to the shared account and update Lambda's IAM role with necessary permissions.
The correct answer is B. To adhere to the principle of least privilege and enable cross-account access, you should create an IAM role in the development accounts that has the ec2:DescribeInstances permission. Then, establish a trust relationship from the development accounts to the shared account, so that the role's trust policy allows the shared account to assume it. Finally, update the Lambda function IAM role in the shared account by adding the sts:AssumeRole permission. This ensures minimal permissions are granted, following best security practices.
Author: LeetQuiz Editorial Team
In a company's shared AWS account, a Lambda function requires permission to perform ec2:DescribeInstances on the development accounts. How should a developer configure permissions to follow the principle of least privilege?
A. Create and configure an IAM role in the shared account with a trust relationship to development accounts and update Lambda's IAM role with necessary permissions.
B. Create and configure an IAM role in the development accounts with a trust relationship to the shared account and update Lambda's IAM role with necessary permissions.
C. Establish an IAM role in the shared account with permissions and trust for development accounts, then update Lambda's IAM role in the shared account.
D. Establish an IAM role in the development accounts with permissions and trust for the shared account, then update Lambda's IAM role in the shared account.
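
The three policy documents behind answer B, with a small least-privilege check over them, as an added example that is not part of the original page. The account IDs and role names are constructed placeholders, and the check covers only the wildcard cases shown.

```python
SHARED = "111111111111"                    # constructed shared-account ID
DEV_ACCOUNTS = ["222222222222", "333333333333"]  # constructed dev-account IDs
LAMBDA_ROLE = "inventory-lambda-role"      # hypothetical role name (shared account)
DEV_ROLE = "describe-instances-role"       # hypothetical role name (dev accounts)

def policy(**stmt):
    return {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", **stmt}]}

def dev_trust_policy():
    # Trust policy on the dev-account role: only the Lambda's role may assume it.
    return policy(Principal={"AWS": f"arn:aws:iam::{SHARED}:role/{LAMBDA_ROLE}"},
                  Action="sts:AssumeRole")

def dev_permissions_policy():
    # ec2:DescribeInstances has no resource-level permissions, so Resource is "*".
    return policy(Action="ec2:DescribeInstances", Resource="*")

def lambda_role_policy():
    # Added to the Lambda's role in the shared account: assume only the named dev roles.
    return policy(Action="sts:AssumeRole",
                  Resource=[f"arn:aws:iam::{a}:role/{DEV_ROLE}" for a in DEV_ACCOUNTS])

def as_list(v):
    return v if isinstance(v, list) else [v]

def findings(doc):
    """Return least-privilege problems found in an IAM policy document."""
    out = []
    for s in as_list(doc["Statement"]):
        if s.get("Effect") != "Allow":
            continue
        actions = as_list(s.get("Action", []))
        if any("*" in a for a in actions):
            out.append("wildcard action")
        if "sts:AssumeRole" in actions and "*" in as_list(s.get("Resource", [])):
            out.append("sts:AssumeRole on any role")
        p = s.get("Principal", {})
        principals = ["*"] if p == "*" else [x for v in p.values() for x in as_list(v)]
        if any(x == "*" or x.endswith(":root") for x in principals):
            out.append("trust not limited to one role")
    return out

if __name__ == "__main__":
    for name, doc in [("dev trust", dev_trust_policy()),
                      ("dev permissions", dev_permissions_policy()),
                      ("lambda role", lambda_role_policy()),
                      ("broad (constructed)", policy(Action="sts:*", Resource="*"))]:
        print(name, findings(doc) or "ok")
```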