Topic 1 Question 266
Select two.
A company is developing a new serverless application that uses AWS Lambda functions. The company uses AWS CloudFormation to deploy the Lambda functions.
The company’s developers are trying to debug a Lambda function that is deployed. The developers cannot debug the Lambda function because the Lambda function is not logging its output to Amazon CloudWatch Logs.
Which combination of steps should a security engineer take to resolve this issue?
A. Check the role that is defined in the CloudFormation template and is passed to the Lambda function. Ensure that the role has a trust policy that allows the sts:AssumeRole action by the service principal lambda.amazonaws.com.
B. Check the execution role that is configured in the CloudFormation template for the Lambda function. Ensure that the execution role has the necessary permissions to write to CloudWatch Logs.
C. Check the Lambda function configuration in the CloudFormation template. Ensure that the Lambda function has an AWS X-Ray tracing configuration that is set to Active mode or PassThrough mode.
D. Check the resource policy that is configured in the CloudFormation template for the Lambda function. Ensure that the resource policy has the necessary permissions to write to CloudWatch Logs.
E. Check the role that the developers use to debug the Lambda function. Ensure that the role has a trust policy that allows the sts:AssumeRole action by the service principal lambda.amazonaws.com.
Comments (1)
- Choices believed to be correct: AB
The correct answers are A and B because:
Trust policy check (A):
- Allows Lambda to assume role
- Required for function execution
- Basic Lambda requirement
- Must be properly configured
Execution role permissions (B):
- Needed for CloudWatch Logs access
- Required for log writing
- Must include logging permissions
- Essential for logging functionality
This combination ensures:
- Lambda can assume role
- Role has logging permissions
- Function can write logs
- Complete logging setup
👍 1 lobana 2025/01/28