Q86 — AWS DEA-C01 Ch.1


A data engineer creates an AWS Lambda function that an Amazon EventBridge event will invoke. When the data engineer tries to invoke the Lambda function by using an EventBridge event, an AccessDeniedException message appears. How should the data engineer resolve the exception?

Correct Answer: B. Ensure that both the IAM role that EventBridge uses and the Lambda function's resource-based policy have the necessary permissions.

Explanation

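Permission setup for calls between AWS services typically involves dual authorization: the caller's IAM policy and the resource policy of the service being called. The AWS documentation states that when EventBridge triggers Lambda, EventBridge needs an IAM role with the lambda:InvokeFunction permission, and the Lambda function's resource policy must authorize the EventBridge service (events.amazonaws.com) to invoke it. Option A is incorrect because the trust policy of the Lambda execution role is associated with the Lambda service itself, not with EventBridge. The network configuration in option C does not resolve a permissions error. The event structure problem in option D usually leads to other error types. The correct option B corresponds to the combined permission requirement of the IAM role and the resource policy.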