What should a solutions architect do to grant the permissions?
Add required IAM permissions in the resource policy of the Lambda function.
Create a signed request using the existing IAM credentials in the Lambda function.
Create a new IAM user and use the existing IAM credentials in the Lambda function.
Create an IAM execution role with the required permissions and attach the IAM role to the Lambda function.
Explanations:
Adding IAM permissions to the resource policy of the Lambda function does not provide the necessary permissions for the function to interact with S3. Lambda functions need execution roles to define permissions for the services they access.
Creating a signed request using existing IAM credentials within the Lambda function is not a best practice. Lambda should use IAM roles for service permissions instead of embedding IAM credentials in the code, which can lead to security vulnerabilities.
Creating a new IAM user and using existing IAM credentials in the Lambda function is not recommended. Lambda functions should leverage IAM roles for permissions rather than relying on static user credentials, which can be difficult to manage and rotate securely.
Creating an IAM execution role with the required permissions and attaching it to the Lambda function is the correct approach. This allows the Lambda function to assume the role and have the necessary permissions to upload files to S3 securely and effectively.