Topic 1 Question 913
A company is building an application on AWS. The application uses multiple AWS Lambda functions to retrieve sensitive data from a single Amazon S3 bucket for processing. The company must ensure that only authorized Lambda functions can access the data. The solution must comply with the principle of least privilege.
Which solution will meet these requirements?
A. Grant full S3 bucket access to all Lambda functions through a shared IAM role.
B. Configure the Lambda functions to run within a VPC. Configure a bucket policy to grant access based on the Lambda functions' VPC endpoint IP addresses.
C. Create individual IAM roles for each Lambda function. Grant the IAM roles access to the S3 bucket. Assign each IAM role as the Lambda execution role for its corresponding Lambda function.
D. Configure a bucket policy granting access to the Lambda functions based on their function ARNs.
Comments (4)
A, B and D wrong only C is right
👍 2swati1508 2024/08/07 - Selected answer: C
C sounds right
👍 2 [Removed] 2024/08/17
I think D is also right. S3 Bucket Policy: Use an S3 bucket policy that grants access to the specific Lambda functions based on their function ARNs. This ensures that only the authorized Lambda functions can retrieve data from the S3 bucket.
👍 256ce46c 2024/09/20