
A company is preparing to deploy a new serverless workload. A solutions architect must use the principle of least privilege to configure permissions that will be used to run an AWS Lambda function. An Amazon EventBridge (Amazon CloudWatch Events) rule will invoke the function. Which solution meets these requirements?
A. Add an execution role to the function with lambda:InvokeFunction as the action and * as the principal.
B. Add an execution role to the function with lambda:InvokeFunction as the action and Service: lambda.amazonaws.com as the principal.
C. Add a resource-based policy to the function with lambda:* as the action and Service: events.amazonaws.com as the principal.
D. Add a resource-based policy to the function with lambda:InvokeFunction as the action and Service: events.amazonaws.com as the principal.
Explanation:
Correct Answer: D

Why D is correct:
- lambda:InvokeFunction (not lambda:*, which is too permissive)
- Service: events.amazonaws.com (specifically for the EventBridge service, not *, which is too broad)

Why other options are incorrect:
A: Incorrect because:
- * is too permissive and violates least privilege
B: Incorrect because:
- Service: lambda.amazonaws.com is for the Lambda service itself, not EventBridge
C: Incorrect because:
- lambda:* is too permissive and violates the least privilege principle

Key Concepts:
- events.amazonaws.com service principal to invoke the function
- lambda:InvokeFunction not lambda:*
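
The criteria above can be checked mechanically. The following is an added example, not part of the original quiz: a small Python linter for one statement of a Lambda resource-based policy, run over constructed statements that carry the action and principal pairs from options C and D. The function names, sample ARNs and the optional aws:SourceArn check (which goes beyond what the quiz asks) are assumptions of this example.

```python
# Added example: lint a Lambda resource-based policy statement against the
# least-privilege criteria in the explanation. ARNs and samples are constructed.
EXPECTED_ACTION = "lambda:InvokeFunction"
EXPECTED_SERVICE = "events.amazonaws.com"

def as_list(value):
    """IAM JSON allows a string or a list for Action and principal values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def lint_statement(stmt, require_source_arn=False):
    """Return a list of findings; an empty list means the statement passes."""
    if stmt.get("Effect") != "Allow":
        return []  # only Allow statements grant access
    findings = []
    for action in as_list(stmt.get("Action")):
        if "*" in action:
            findings.append("wildcard action: " + action)
        elif action.lower() != EXPECTED_ACTION.lower():
            findings.append("action not needed by EventBridge: " + action)
    principal = stmt.get("Principal")
    values = ([v for vals in principal.values() for v in as_list(vals)]
              if isinstance(principal, dict) else as_list(principal))
    if "*" in values:
        findings.append("wildcard principal")
    elif not (isinstance(principal, dict) and set(principal) == {"Service"}
              and values == [EXPECTED_SERVICE]):
        findings.append("principal is not only " + EXPECTED_SERVICE)
    # Beyond the quiz (assumption of this example): optionally require the
    # grant to be scoped to one rule with an aws:SourceArn condition.
    cond_keys = {key.lower() for op in stmt.get("Condition", {}).values() for key in op}
    if require_source_arn and "aws:sourcearn" not in cond_keys:
        findings.append("no aws:SourceArn condition")
    return findings

FUNCTION_ARN = "arn:aws:lambda:us-east-1:123456789012:function:example-fn"  # constructed
RULE_ARN = "arn:aws:events:us-east-1:123456789012:rule/example-rule"        # constructed

def statement(action, principal, condition=None):
    """Build a constructed sample statement for the linter."""
    stmt = {"Effect": "Allow", "Action": action, "Principal": principal, "Resource": FUNCTION_ARN}
    if condition:
        stmt["Condition"] = condition
    return stmt

OPTION_C = statement("lambda:*", {"Service": "events.amazonaws.com"})
OPTION_D = statement("lambda:InvokeFunction", {"Service": "events.amazonaws.com"})
OPTION_D_SCOPED = statement("lambda:InvokeFunction", {"Service": "events.amazonaws.com"},
                            {"ArnLike": {"AWS:SourceArn": RULE_ARN}})
```

With the default settings the option D statement passes and the option C statement is flagged for its wildcard action; passing require_source_arn=True additionally asks that the grant be limited to a single EventBridge rule.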