Topic 1 Question 100
A company uses AWS Lambda functions and an Amazon S3 trigger to process images into an S3 bucket. A development team set up multiple environments in a single AWS account.
After a recent production deployment, the development team observed that the development S3 buckets invoked the production environment Lambda functions. These invocations caused unwanted execution of development S3 files by using production Lambda functions. The development team must prevent these invocations. The team must follow security best practices.
Which solution will meet these requirements?
Update the Lambda execution role for the production Lambda function to add a policy that allows the execution role to read from only the production environment S3 bucket.
Move the development and production environments into separate AWS accounts. Add a resource policy to each Lambda function to allow only S3 buckets that are within the same account to invoke the function.
Add a resource policy to the production Lambda function to allow only the production environment S3 bucket to invoke the function.
Move the development and production environments into separate AWS accounts. Update the Lambda execution role for each function to add a policy that allows the execution role to read from the S3 bucket that is within the same account.
ユーザの投票
コメント(4)
- 正解だと思う選択肢: C
B is a wrong answer because I do not understand the need to move the environments to separate AWS accounts. The resource policy in the production environment can be used to control which S3 bucket invokes the function.
In my understanding, the answer choice C fulfills the security best practices requirement in the question.
👍 2AgboolaKun2023/05/17 - 正解だと思う選択肢: B
Answer is B
👍 1junrun32023/05/14 - 正解だと思う選択肢: B
chatgpt said
👍 1loctong2023/05/16
シャッフルモード