Topic 1 Question 165
An application that runs on AWS Lambda requires access to specific highly confidential objects in an Amazon S3 bucket. In accordance with the principle of least privilege, a company grants access to the S3 bucket by using only temporary credentials.
How can a developer configure access to the S3 bucket in the MOST secure way?
A. Hardcode the credentials that are required to access the S3 objects in the application code. Use the credentials to access the required S3 objects.
B. Create a secret access key and access key ID with permission to access the S3 bucket. Store the key and key ID in AWS Secrets Manager. Configure the application to retrieve the Secrets Manager secret and use the credentials to access the S3 objects.
C. Create a Lambda function execution role. Attach a policy to the role that grants access to specific objects in the S3 bucket.
D. Create a secret access key and access key ID with permission to access the S3 bucket. Store the key and key ID as environment variables in Lambda. Use the environment variables to access the required S3 objects.
Comments (3)
- Option I think is correct: C
C should be correct: https://docs.aws.amazon.com/lambda/latest/operatorguide/least-privilege.html
👍 9 dilleman 2023/10/11
- Option I think is correct: B
The correct answer is (B).
Option (B) is the most secure way to configure S3 bucket access because the credentials are stored in a safe and secure location. AWS Secrets Manager uses public key cryptography to protect stored secrets.
👍 4 Digo30sp 2023/10/06
- Option I think is correct: C
C. Create a Lambda function execution role. Attach a policy to the role that grants access to specific objects in the S3 bucket.
👍 3 LemonGremlin 2023/10/17