Multiple Choice
A developer has code stored in an Amazon S3 bucket. The code must be deployed as an AWS Lambda function across multiple accounts in the same Region as the S3 bucket. The Lambda function will be deployed using an AWS CloudFormation template that is run for each account. What is the MOST secure approach to allow access to the Lambda code in the S3 bucket?
A) Grant the CloudFormation execution role S3 list and get permissions. Add a bucket policy to Amazon S3 with the Principal of "AWS": [account numbers].
B) Grant the CloudFormation execution role S3 get permissions. Add a bucket policy to Amazon S3 with the Principal of "*".
C) Use a service-based link to grant the Lambda function S3 list and get permissions by explicitly adding the S3 bucket's account number in the resource.
D) Use a service-based link to grant the Lambda function S3 get permissions and add a Resource of "*" to allow access to the S3 bucket.
Correct Answer:
Verified
Correct Answer:
Verified
Q167: An application is experiencing performance issues based
Q168: A Developer has created a Lambda function
Q169: A company has an application that logs
Q170: A company is managing a NoSQL database
Q171: A Development team decides to adopt a
Q173: A Developer uses Amazon S3 buckets for
Q174: A company uses a third-party tool to
Q175: A Developer is designing an AWS Lambda
Q176: If an application is storing hourly log
Q177: A Developer is testing a Docker-based application