Which solution will meet these requirements?

By:
On:
In: SAA-C02
Tagged:
With: 0 Comments
A company is preparing to deploy a new serverless workload.A solutions architect needs to configure permissions for invoking an AWS Lambda function.The function will be triggered by an Amazon EventBridge (Amazon CloudWatch Events) rule.Permissions should be configured using the principle of least privilege.

Which solution will meet these requirements?

Add an execution role to the function with lambda:InvokeFunction as the action and * as the principal.

Add an execution role to the function with lambda:InvokeFunction as the action and Service:amazonaws.com as the principal.

Add a resource-based policy to the function with lambda:’* as the action and Service:events.amazonaws.com as the principal.

Add a resource-based policy to the function with lambda:InvokeFunction as the action and Service:events.amazonaws.com as the principal.

Explanations:

This option incorrectly uses*as the principal, which allows any principal to invoke the Lambda function. This violates the principle of least privilege, as it grants permissions too broadly.

This option specifiesService:amazonaws.comas the principal, which is not a valid principal for Lambda function invocation. This will not effectively restrict access to EventBridge.

This option allows all actions (lambda:*) instead of specificallylambda:InvokeFunction. This grants more permissions than necessary, violating the principle of least privilege.

This option correctly specifieslambda:InvokeFunctionas the action andService:events.amazonaws.comas the principal, allowing only EventBridge to invoke the function. This adheres to the principle of least privilege by limiting access to only what is necessary.

Leave a Reply

Your email address will not be published. Required fields are marked *

2 × four =