Which solution will meet these requirements?
Create a CLI script that loops on the Lambda functions to add a Lambda function URL with the AWS_IAM auth type. Run another script to create an IAM identity-based policy that allows the lambda:InvokeFunctionUrl action to all the Lambda function Amazon Resource Names (ARNs). Attach the policy to the QA IAM group.
Create a CLI script that loops on the Lambda functions to add a Lambda function URL with the NONE auth type. Run another script to create an IAM resource-based policy that allows the lambda:InvokeFunctionUrl action to all the Lambda function Amazon Resource Names (ARNs). Attach the policy to the QA IAM group.
Create a CLI script that loops on the Lambda functions to add a Lambda function URL with the AWS_IAM auth type. Run another script to loop on the Lambda functions to create an IAM identity-based policy that allows the lambda:InvokeFunctionUrl action from the QA IAM group’s Amazon Resource Name (ARN).
Create a CLI script that loops on the Lambda functions to add a Lambda function URL with the NONE auth type. Run another script to loop on the Lambda functions to create an IAM resource-based policy that allows the lambda:InvokeFunctionUrl action from the QA IAM group’s Amazon Resource Name (ARN).
Explanations:
This option correctly uses AWS_IAM authentication for the Lambda function URLs, which allows the QA IAM group to authenticate using IAM roles and permissions. The identity-based policy is appropriately created to permit invocation of all specified Lambda function ARNs.
This option uses NONE authentication, which makes the Lambda function URLs publicly accessible without any authentication. This does not meet the requirement of allowing only the QA IAM group to access the functions.
While this option uses AWS_IAM authentication correctly, it specifies creating an IAM identity-based policy that restricts access to the QA IAM group’s ARN. The policy should instead allow access to all Lambda function ARNs for the QA IAM group, not just the specific group’s ARN.
Similar to option B, this option uses NONE authentication, which does not restrict access to the QA IAM group, making the function URLs publicly accessible. Furthermore, resource-based policies are not the appropriate mechanism here, as IAM policies should be used for the QA IAM group.
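The two scripts described in the first option, combined into one POSIX shell script as an added example (not part of the original question). The group name `QA`, the policy name and the `--apply` switch are assumptions; the `lambda:FunctionUrlAuthType` condition and the audit helper go beyond the option's wording and are there to keep the grant from covering a URL later switched to NONE.

```sh
#!/bin/sh
# Added example. GROUP_NAME, POLICY_NAME and the --apply switch are assumptions.
set -eu

GROUP_NAME="QA"
POLICY_NAME="qa-invoke-function-urls"

# Print an identity-based policy that allows lambda:InvokeFunctionUrl on the
# given function ARNs, and only while the URL's auth type is AWS_IAM.
build_policy() {
  resources=""
  for arn in "$@"; do
    resources="${resources:+$resources,}\"$arn\""
  done
  printf '{"Version":"2012-10-17","Statement":[{"Effect":"Allow",
"Action":"lambda:InvokeFunctionUrl","Resource":[%s],
"Condition":{"StringEquals":{"lambda:FunctionUrlAuthType":"AWS_IAM"}}}]}\n' "$resources"
}

# Audit helper: reads lines of "<function-name> <auth-type>" (a constructed
# input format) and prints the functions whose URL is left unauthenticated.
unauthenticated_urls() {
  awk '$2 == "NONE" { print $1 }'
}

# Create an AWS_IAM function URL per function, then one policy for the group.
apply() {
  arns=""
  for name in "$@"; do
    arn=$(aws lambda create-function-url-config --function-name "$name" \
      --auth-type AWS_IAM --query FunctionArn --output text)
    arns="$arns $arn"
  done
  # ARNs contain no whitespace, so word splitting of $arns is intentional.
  # shellcheck disable=SC2086
  policy_arn=$(aws iam create-policy --policy-name "$POLICY_NAME" \
    --policy-document "$(build_policy $arns)" \
    --query Policy.Arn --output text)
  aws iam attach-group-policy --group-name "$GROUP_NAME" --policy-arn "$policy_arn"
}

# Nothing touches AWS unless the script is called as: script.sh --apply fn1 fn2 ...
if [ "${1:-}" = "--apply" ]; then
  shift
  apply "$@"
fi
```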