Which solution meets these requirements?

By:
On:
In: SAA-C03
Tagged:
With: 0 Comments
A company is preparing to deploy a new serverless workload.A solutions architect must use the principle of least privilege to configure permissions that will be used to run an AWS Lambda function.An Amazon EventBridge (Amazon CloudWatch Events) rule will invoke the function.

Which solution meets these requirements?

Add an execution role to the function with lambda:InvokeFunction as the action and * as the principal.

Add an execution role to the function with lambda:InvokeFunction as the action and Service: lambda.amazonaws.com as the principal.

Add a resource-based policy to the function with lambda:* as the action and Service: events.amazonaws.com as the principal.

Add a resource-based policy to the function with lambda:InvokeFunction as the action and Service: events.amazonaws.com as the principal.

Explanations:

Adding * as the principal allows any AWS service or user to invoke the Lambda function, violating least privilege principles.

Using the principal Service: lambda.amazonaws.com does not apply to EventBridge; it should specify the EventBridge service instead.

While Service: events.amazonaws.com is correct, using lambda:* as the action grants more permissions than necessary for invoking the function.

This option correctly restricts the action to lambdaand specifies Service: events.amazonaws.com as the principal, adhering to least privilege principles.

Leave a Reply

Your email address will not be published. Required fields are marked *

17 + fifteen =