Which IAM permissions should the developer request for the Lambda function to achieve this functionality?

By:
On:
In: DVA-C02
Tagged:
With: 0 Comments
A developer is working on an AWS Lambda function that accesses Amazon DynamoDB.The Lambda function must retrieve an item and update some of its attributes, or create the item if it does not exist.The Lambda function has access to the primary key.

Which IAM permissions should the developer request for the Lambda function to achieve this functionality?

dynamodb:DeleleItemdynamodb:GetItemdynamodb:PutItem

dynamodb:UpdateItemdynamodb:GetItemdynamodb:DescribeTable

dynamodb:GetRecordsdynamodb:PutItemdynamodb:UpdateTable

dynamodb:UpdateItemdynamodb:GetItemdynamodb:PutItem

Explanations:

This option includesdynamodb:DeleteItem, which is unnecessary for retrieving or updating an item. The required permissions are for getting and putting items, not deleting them.

This option includesdynamodb:UpdateItem, but it also includesdynamodb:DescribeTable, which is not needed for retrieving or updating an item.DescribeTabledoes not facilitate item manipulation.

This option includesdynamodb:GetRecords, which is not a valid DynamoDB operation. The correct permissions for the desired functionality do not include this non-existent action. Additionally,dynamodb:UpdateTableis irrelevant to item-level operations.

This option includesdynamodb:GetItemto retrieve the item,dynamodb:PutItemto create or replace the item, anddynamodb:UpdateItemto update attributes of the item if it already exists. These permissions are all necessary for the specified functionality.

Leave a Reply

Your email address will not be published. Required fields are marked *

fourteen − six =