Topic 1 Question 244
An AWS Lambda function is running in a company’s shared AWS account. The function needs to perform an additional ec2:DescribeInstances action that is directed at the company’s development accounts. A developer must configure the required permissions across the accounts.
How should the developer configure the permissions to adhere to the principle of least privilege?
A. Create an IAM role in the shared account. Add the ec2:DescribeInstances permission to the role. Establish a trust relationship between the development accounts for this role. Update the Lambda function IAM role in the shared account by adding the ec2:DescribeInstances permission to the role.
B. Create an IAM role in the development accounts. Add the ec2:DescribeInstances permission to the role. Establish a trust relationship with the shared account for this role. Update the Lambda function IAM role in the shared account by adding the iam:AssumeRole permissions.
C. Create an IAM role in the shared account. Add the ec2:DescribeInstances permission to the role. Establish a trust relationship between the development accounts for this role. Update the Lambda function IAM role in the shared account by adding the iam:AssumeRole permissions.
D. Create an IAM role in the development accounts. Add the ec2:DescribeInstances permission to the role. Establish a trust relationship with the shared account for this role. Update the Lambda function IAM role in the shared account by adding the ec2:DescribeInstances permission to the role.
Comments (6)
- Selected answer: B
Create an IAM role in the development accounts. Add the ec2:DescribeInstances permission to the role. Establish a trust relationship with the shared account for this role. Update the Lambda function IAM role in the shared account by adding the iam:AssumeRole permissions.
👍 6 PrakashM14 2023/11/01
- Selected answer: C
By using iam:AssumeRole, AWS allows you to implement the principle of least privilege, which means entities have only the permissions they require to perform specific tasks and nothing more.
👍 2 Kowsik_shashi 2023/10/29
- B: To enable cross-account AWS service actions, create a role with the required permissions in the account that holds the resource. Enable a trust relationship with the account that will access the resource. Allow the accessing account to assume the role.
👍 1 didorins 2023/10/28
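
The cross-account setup the comments describe, written out as the three policy documents plus a small least-privilege check. This is an added example, not part of the original question or comments. The account IDs, role names and helper names are constructed placeholders; the real IAM action for assuming a role is sts:AssumeRole (the options write iam:AssumeRole), and trusting the Lambda role's ARN rather than the whole shared account is a narrower choice assumed here.

```python
import json

# Constructed placeholders (assumptions, not values from the page).
SHARED = "111111111111"
DEV_ACCOUNTS = ["222222222222", "333333333333"]
LAMBDA_ROLE_ARN = f"arn:aws:iam::{SHARED}:role/inventory-lambda-role"
DEV_ROLE_NAME = "ec2-describe-for-shared"

def policy(*statements):
    return {"Version": "2012-10-17", "Statement": list(statements)}

def dev_trust_policy(principal_arn):
    """Trust policy of the role created in each development account."""
    return policy({"Effect": "Allow", "Principal": {"AWS": principal_arn},
                   "Action": "sts:AssumeRole"})

def dev_permissions_policy():
    """Permissions of the development-account role. DescribeInstances has
    no resource-level permissions, so Resource must be "*"."""
    return policy({"Effect": "Allow", "Action": "ec2:DescribeInstances",
                   "Resource": "*"})

def lambda_role_policy(dev_accounts, role_name):
    """Statement added to the Lambda execution role in the shared account."""
    arns = [f"arn:aws:iam::{a}:role/{role_name}" for a in dev_accounts]
    return policy({"Effect": "Allow", "Action": "sts:AssumeRole",
                   "Resource": arns})

def as_list(value):
    return [value] if isinstance(value, str) else list(value)

def findings(lambda_policy, trust_policy, shared_account):
    """Return least-privilege problems; an empty list means none found."""
    out = []
    for st in lambda_policy["Statement"]:
        if any(a != "sts:AssumeRole" for a in as_list(st["Action"])):
            out.append("lambda role grants actions beyond sts:AssumeRole")
        if any("*" in r for r in as_list(st["Resource"])):
            out.append("sts:AssumeRole resource contains a wildcard")
    for st in trust_policy["Statement"]:
        for p in as_list(st["Principal"].get("AWS", "*")):
            if not p.startswith(f"arn:aws:iam::{shared_account}:"):
                out.append(f"trust policy trusts {p}, not the shared account")
    return out

if __name__ == "__main__":
    good = lambda_role_policy(DEV_ACCOUNTS, DEV_ROLE_NAME)
    print(json.dumps(good, indent=2))
    print(findings(good, dev_trust_policy(LAMBDA_ROLE_ARN), SHARED))
```

Passing `dev_permissions_policy()` as the Lambda role's policy models the options that add ec2:DescribeInstances directly to the shared-account role, and the check reports it.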