You are creating a Lambda function which will be triggered by a CloudWatch Event. The data from these events needs to be stored in a DynamoDB table.
How should the Lambda function be given access to the DynamoDB table?
A . Put the AWS Access keys in the Lambda function since the Lambda function by default is secure
B . Use an IAM role which has permissions to the DynamoDB table and attach it to the Lambda function.
C . Use the AWS Access keys which has access to DynamoDB and then place it in an S3 bucket.
D . Create a VPC endpoint for the DynamoDB table. Access the VPC endpoint from the Lambda function.
Answer: B
Explanation:
AWS Lambda functions uses roles to interact with other AWS services. So use an IAM role which has permissions to the DynamoDB table and attach it to the Lambda function.
Options A and C are all invalid because you should never use AWS keys for access. Option D is invalid because the VPC endpoint is used for VPCs
For more information on Lambda function Permission model, please visit the URL https://docs.aws.amazon.com/lambda/latest/dg/intro-permission-model.html
The correct answer is: Use an IAM role which has permissions to the DynamoDB table and attach it to the Lambda function. Submit your Feedback/Queries to our Experts
Leave a Reply