What should a solutions architect do to grant the permissions?
Add required IAM permissions in the resource policy of the Lambda function.
Create a signed request using the existing IAM credentials in the Lambda function.
Create a new IAM user and use the existing IAM credentials in the Lambda function.
Create an IAM execution role with the required permissions and attach the IAM role to the Lambda function.
Explanations:
The resource policy of a Lambda function is used to control which AWS accounts or IAM roles can invoke the function, not to grant the function permissions to access other AWS services like S3. Therefore, adding IAM permissions here would not enable the Lambda function to upload files to S3.
Creating a signed request using existing IAM credentials in the Lambda function would mean handling AWS authentication manually, which is not a recommended practice. AWS services should instead be accessed through roles or service-specific credentials that manage permissions automatically. This approach adds unnecessary complexity and does not provide the correct permissions for S3 access.
Creating a new IAM user and using existing IAM credentials in the Lambda function does not align with best practices for AWS Lambda. IAM roles are the preferred method for granting permissions to Lambda functions. Using IAM user credentials would also require hardcoding sensitive information, which is not secure.
Creating an IAM execution role with the required permissions and attaching it to the Lambda function is the best practice for granting permissions in AWS. This approach allows the Lambda function to assume the role with the specified permissions to interact with Amazon S3 securely, without needing to manage individual IAM user credentials.