Which solution will meet these requirements?
In Account A, create a Lambda execution role to assume the role in Account B. In Account B. create a role that the function can assume to gain access to the S3 bucket.
In Account A, create a Lambda execution role that provides access to the S3 bucket. In Account B, create a role that the function can assume.
In Account A, create a role that the function can assume. In Account B, create a Lambda execution role that provides access to the S3 bucket.
In Account A. create a role that the function can assume to gain access to the S3 bucket. In Account B, create a Lambda execution role to assume the role in Account A.
Explanations:
In Account A, the Lambda function needs a role that allows it to assume a role in Account B. In Account B, the role grants the necessary permissions to access the S3 bucket. This is a valid cross-account access configuration.
In Account A, the Lambda function needs a role that can assume another role in Account B, not directly access the S3 bucket. In Account B, a role must be created to allow the Lambda function to assume it, not just directly provide access.
In Account A, the Lambda function cannot directly access the S3 bucket in Account B without assuming a role in Account B. The function in Account A should assume a role in Account B.
In Account A, the Lambda execution role should be able to assume a role in Account B for S3 access, not the other way around. In Account B, a Lambda execution role is needed, but not to assume a role in Account A.