Which action should a developer take to allow logs for the Lambda function to appear in CloudWatch?
Attach the AWSLambda8asicExecutionRole managed policy to the Lambda function’s execution role.
Set the AWSLambdaBasicExecutionRole managed policy as the Lambda function’s resource-based policy.
Attach the CloudWatchLambdaInsightsExecutionRolePolicy managed policy to the Lambda function’s execution role.
Set the CloudWatchLambdaInsightsExecutionRolePolicy managed policy as the Lambda function’s resource-based policy.
Explanations:
The AWSLambdaBasicExecutionRole managed policy provides the necessary permissions for Lambda functions to write logs to CloudWatch Logs. This will allow logs to appear.
Resource-based policies are not used to enable logging to CloudWatch. Instead, permissions for logging must be granted directly to the Lambda execution role.
The CloudWatchLambdaInsightsExecutionRolePolicy policy is specific to CloudWatch Lambda Insights, which is used for additional monitoring and metrics, not basic logging.
Resource-based policies are not applicable here, as permissions to write to CloudWatch Logs must be set in the Lambda execution role itself, not as a resource policy.
As I see it, the answer is:
Attach the AWSLambda8asicExecutionRole managed policy to the Lambda function’s execution role.
Based on what I know, the answer is:
Attach the AWSLambda8asicExecutionRole managed policy to the Lambda function’s execution role.