Topic 1 Question 105
A company is preparing to deploy a new serverless workload. A solutions architect must use the principle of least privilege to configure permissions that will be used to run an AWS Lambda function. An Amazon EventBridge (Amazon CloudWatch Events) rule will invoke the function. Which solution meets these requirements?
A. Add an execution role to the function with lambda:InvokeFunction as the action and * as the principal.
B. Add an execution role to the function with lambda:InvokeFunction as the action and Service: lambda.amazonaws.com as the principal.
C. Add a resource-based policy to the function with lambda:* as the action and Service: events.amazonaws.com as the principal.
D. Add a resource-based policy to the function with lambda:InvokeFunction as the action and Service: events.amazonaws.com as the principal.
Comments (10)
- Selected answer: D
Best way to check it... The question is taken from the example shown here in the documentation: https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-use-resource-based.html#eb-lambda-permissions
👍 22 123jhl0 2022/10/18
- Selected answer: D
The correct solution is D. Add a resource-based policy to the function with lambda:InvokeFunction as the action and Service: events.amazonaws.com as the principal.
The principle of least privilege requires that permissions are granted only to the minimum necessary to perform a task. In this case, the Lambda function needs to be able to be invoked by Amazon EventBridge (Amazon CloudWatch Events). To meet these requirements, you can add a resource-based policy to the function that allows the InvokeFunction action to be performed by the Service: events.amazonaws.com principal. This will allow Amazon EventBridge to invoke the function, but will not grant any additional permissions to the function.
👍 10 Buruguduystunstugudunstuy 2022/12/21
- Selected answer: D
My answer was D, as this is the most specific answer. And then there's this guy's answer (123jhl0) which provides more details.
👍 1 ocbn3wby 2022/11/26
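As an added example (not part of the thread or of AWS's documentation), this Python sketch audits a Lambda resource-based policy against the least-privilege shape of option D. The account ID, function name and rule name are placeholders, and the `aws:SourceArn` check goes beyond the answer options: it is the condition that `aws lambda add-permission --source-arn` writes to tie the grant to one rule.

```python
import json

# Constructed sample: the policy shape option D describes. Account ID,
# function name and rule name are placeholders, not values from the page.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowEventBridgeRule",
        "Effect": "Allow",
        "Principal": {"Service": "events.amazonaws.com"},
        "Action": "lambda:InvokeFunction",
        "Resource": "arn:aws:lambda:us-east-1:111122223333:function:example-fn",
        "Condition": {"ArnLike": {"AWS:SourceArn":
            "arn:aws:events:us-east-1:111122223333:rule/example-rule"}},
    }],
})


def as_list(value):  # IAM fields may hold a scalar or a list
    return value if isinstance(value, list) else [value]


def audit_statement(stmt):
    """Return least-privilege findings for one statement of a function policy."""
    if stmt.get("Effect") != "Allow":
        return []
    findings = []
    principal = stmt.get("Principal")
    services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
    if services != ["events.amazonaws.com"] or len(principal) != 1:
        findings.append("principal is not limited to Service: events.amazonaws.com")
    for action in as_list(stmt.get("Action", [])):
        if action.lower() != "lambda:invokefunction":
            findings.append(f"action {action} goes beyond lambda:InvokeFunction")
    # Condition keys are case-insensitive; look for a source-ARN restriction.
    cond_keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
    if "aws:sourcearn" not in cond_keys:
        findings.append("no aws:SourceArn condition tying the grant to one rule")
    return findings


def audit_policy(policy_json):
    """Map each statement's Sid to its findings; an empty list means it passed."""
    statements = as_list(json.loads(policy_json)["Statement"])
    return {s.get("Sid", f"stmt{i}"): audit_statement(s) for i, s in enumerate(statements)}


if __name__ == "__main__":
    print(audit_policy(SAMPLE_POLICY))
```

Feeding it the output of `aws lambda get-policy` (the `Policy` field is a JSON string) gives the same report for a deployed function.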