Topic 1 Question 302
A company configured an Amazon S3 event source for an AWS Lambda function. The company needs the Lambda function to run when a new object is created or an existing object is modified in a specific S3 bucket. The Lambda function will use the S3 bucket name and the S3 object key of the incoming event to read the contents of the new or modified S3 object. The Lambda function will parse the contents and save the parsed contents to an Amazon DynamoDB table.
The Lambda function's execution role has permissions to read from the S3 bucket and to write to the DynamoDB table. During testing, a DevOps engineer discovers that the Lambda function does not run when objects are added to the S3 bucket or when existing objects are modified.
Which solution will resolve these problems?
A. Create an S3 bucket policy for the S3 bucket that grants the S3 bucket permission to invoke the Lambda function.
B. Create a resource policy for the Lambda function to grant Amazon S3 permission to invoke the Lambda function on the S3 bucket.
C. Configure an Amazon Simple Queue Service (Amazon SQS) queue as an OnFailure destination for the Lambda function. Update the Lambda function to process messages from the SQS queue and the S3 event notifications.
D. Configure an Amazon Simple Queue Service (Amazon SQS) queue as the destination for the S3 bucket event notifications. Update the Lambda function's execution role to have permission to read from the SQS queue. Update the Lambda function to consume messages from the SQS queue.
Comments (4)
- Selected answer: B
https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html
The Lambda resource policy should allow S3. Or, in CloudFormation terms: adding the AWS::Lambda::Permission
👍 3 Impromptu 2024/11/22
- Selected answer: B
Lambda should allow itself to be invoked by the S3 bucket. Hence B.
👍 3 ArunRav 2024/11/28
- Selected answer: B
- S3-to-Lambda Invocation:
• When you configure Amazon S3 to trigger an AWS Lambda function, S3 must have explicit permission to invoke the function. This is done by attaching a resource-based policy to the Lambda function.
• Without this policy, even if S3 event notifications are configured, the Lambda function will not be triggered because S3 does not have the necessary permissions to invoke the function.
- Solution Details:
• A resource policy for the Lambda function specifies that the S3 bucket is allowed to invoke the Lambda function. This is configured by using the AWS CLI, AWS SDKs, or directly in the AWS Management Console.
👍 2 Ky_24 2024/12/15
- S3-to-Lambda Invocation:
• When you configure Amazon S3 to trigger an AWS Lambda function, S3 must have explicit permission to invoke the function. This is done by attaching a resource-based policy to the Lambda function.
• Without this policy, even if S3 event notifications are configured, the Lambda function will not be triggered because S3 does not have the necessary permissions to invoke the function.