Which combination of permissions should the developer use to resolve this error?
(Choose two.)
Cross-account IAM role
Permission for the Lambda function to list buckets in Amazon S3
Permission for the Lambda function to write in DynamoDB
Permission for Amazon S3 to invoke the Lambda function
Permission for DynamoDB to invoke the Lambda function
Explanations:
The Lambda function needs the permission to list S3 buckets, which is granted by thes3:ListAllMyBucketspermission. This is required to retrieve the list of buckets.
The Lambda function also needs permission to write data to DynamoDB, which is granted by thedynamodb:PutItemordynamodb:BatchWriteItempermission to store the S3 bucket list.
A cross-account IAM role is not needed in this scenario because the Lambda function is operating within the same account as the S3 and DynamoDB resources.
Amazon S3 does not need to invoke the Lambda function for the task described. The function is invoked by a schedule, not by S3.
DynamoDB does not invoke the Lambda function; instead, the Lambda function writes data to DynamoDB. Therefore, permission for DynamoDB to invoke the Lambda is unnecessary.
I compute that the answer is:
Permission for the Lambda function to list buckets in Amazon S3
From what I’ve heard, the answer is:
Permission for the Lambda function to list buckets in Amazon S3