Which combination of permissions should the developer use to resolve this error?

By: study aws cloud

On: January 7, 2025

Tagged: Developer Associate

With: 0 Comments

A developer is creating a solution to track an account’s Amazon S3 buckets over time.The developer has created an AWS Lambda function that will run on a schedule.The function will list the account’s S3 buckets and will store the list in an Amazon DynamoDB table.The developer receives a permissions error when the developer runs the function with the AWSLambdaBasicExecutionRole AWS managed policy.

Which combination of permissions should the developer use to resolve this error?

(Choose two.)

Cross-account IAM role

Permission for the Lambda function to list buckets in Amazon S3

Permission for the Lambda function to write in DynamoDB

Permission for Amazon S3 to invoke the Lambda function

Permission for DynamoDB to invoke the Lambda function

Explanations:

The Lambda function needs the permission to list S3 buckets, which is granted by thes3:ListAllMyBucketspermission. This is required to retrieve the list of buckets.

The Lambda function also needs permission to write data to DynamoDB, which is granted by thedynamodb:PutItemordynamodb:BatchWriteItempermission to store the S3 bucket list.

A cross-account IAM role is not needed in this scenario because the Lambda function is operating within the same account as the S3 and DynamoDB resources.

Amazon S3 does not need to invoke the Lambda function for the task described. The function is invoked by a schedule, not by S3.

DynamoDB does not invoke the Lambda function; instead, the Lambda function writes data to DynamoDB. Therefore, permission for DynamoDB to invoke the Lambda is unnecessary.

Previous Post: What is the customer ALWAYS responsible for managing, according to the AWS shared responsibility model?

Next Post: Which solution will meet this requirement?

Leave a Reply Cancel reply