Topic 1 Question 228
A DevOps team has created a Custom Lambda rule in AWS Config. The rule monitors Amazon Elastic Container Repository (Amazon ECR) policy statements for ecr:* actions. When a noncompliant repository is detected, Amazon EventBridge uses Amazon Simple Notification Service (Amazon SNS) to route the notification to a security team.
When the custom AWS Config rule is evaluated, the AWS Lambda function fails to run.
Which solution will resolve the issue?
A. Modify the Lambda function's resource policy to grant AWS Config permission to invoke the function.
B. Modify the SNS topic policy to include configuration changes for EventBridge to publish to the SNS topic.
C. Modify the Lambda function's execution role to include configuration changes for custom AWS Config rules.
D. Modify all the ECR repository policies to grant AWS Config access to the necessary ECR API actions.
Comments (6)
---> A
👍 4 tgv 2024/07/15
A. Modify the Lambda function's resource policy to grant AWS Config permission to invoke the function.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "config.amazonaws.com" },
      "Action": "lambda:InvokeFunction",
      "Resource": "arn:aws:lambda:region:account-id:function:function-name"
    }
  ]
}
👍 2 amehim 2024/07/21
- Selected answer: A
Resource policy should allow Config invocation
👍 2 d9iceguy 2024/07/21
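An added example, not part of the original question or comments: a small check that reads a Lambda resource policy and reports whether `config.amazonaws.com` is allowed `lambda:InvokeFunction` on the function, the condition answer A restores. The function name `check_config_invoke`, the sample policies and the account ID are constructed for illustration, and the `aws:SourceAccount` scoping check is an extra hardening point the thread does not discuss.

```python
import fnmatch
import json

CONFIG_PRINCIPAL = "config.amazonaws.com"
INVOKE = "lambda:InvokeFunction"

def _as_list(value):
    """IAM policy elements may be a single value or a list."""
    return value if isinstance(value, list) else [value]

def check_config_invoke(policy_json, function_arn):
    """Return (allowed, findings) for AWS Config invoking function_arn.

    Only Allow statements are evaluated; Deny statements and ARN
    wildcards or qualifiers are out of scope for this example.
    """
    findings, allowed = [], False
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if (stmt.get("Effect") != "Allow"
                or CONFIG_PRINCIPAL not in services
                or not any(fnmatch.fnmatchcase(INVOKE.lower(), a) for a in actions)
                or function_arn not in _as_list(stmt.get("Resource", []))):
            continue
        allowed = True
        # Condition keys are case-insensitive, so normalise before comparing.
        cond_keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
        if "aws:sourceaccount" not in cond_keys:
            findings.append("allow is not scoped with aws:SourceAccount")
    if not allowed:
        findings.append("no statement lets config.amazonaws.com invoke the function")
    return allowed, findings

# Constructed sample policies; the ARN is the placeholder from the comment above.
ARN = "arn:aws:lambda:region:account-id:function:function-name"
STATEMENT = {"Effect": "Allow", "Principal": {"Service": CONFIG_PRINCIPAL},
             "Action": INVOKE, "Resource": ARN}
MISSING = json.dumps({"Version": "2012-10-17", "Statement": []})
AS_POSTED = json.dumps({"Version": "2012-10-17", "Statement": [STATEMENT]})
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [
    {**STATEMENT, "Condition": {"StringEquals": {"AWS:SourceAccount": "111122223333"}}}]})

if __name__ == "__main__":
    for name, doc in [("missing", MISSING), ("as posted", AS_POSTED), ("scoped", SCOPED)]:
        print(name, check_config_invoke(doc, ARN))
```

The "missing" case corresponds to the failure in the question: with no matching statement in the resource policy, AWS Config cannot invoke the rule's function.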