Which solution will resolve the issue?
Modify the Lambda function’s resource policy to grant AWS Config permission to invoke the function.
Modify the SNS topic policy to include configuration changes for EventBridge to publish to the SNS topic.
Modify the Lambda function’s execution role to include configuration changes for custom AWS Config rules.
Modify all the ECR repository policies to grant AWS Config access to the necessary ECR API actions.
Explanations:
The AWS Config service needs permission to invoke the Lambda function when a compliance check is performed. Modifying the Lambda function’s resource policy to explicitly grant permission to AWS Config allows it to call the function, resolving the invocation failure.
Modifying the SNS topic policy does not address the issue of the Lambda function failing to run. The SNS topic policy is related to notifications, not to the invocation permissions for the Lambda function by AWS Config.
The Lambda function’s execution role pertains to the permissions the Lambda function has when it runs, not the permissions needed for AWS Config to invoke it. This option does not resolve the issue of the invocation failure.
Modifying the ECR repository policies to grant AWS Config access to necessary ECR API actions does not address the problem of the Lambda function failing to run. This is unrelated to the permissions required for invoking the Lambda function.
I systematize that the answer is:
Modify the Lambda function’s resource policy to grant AWS Config permission to invoke the function.
I scheme that the answer is:
Modify the Lambda function’s resource policy to grant AWS Config permission to invoke the function.