Q40 — AWS DOP-C02 Ch.1

A company has configured an Amazon S3 event source for an AWS Lambda function. The company needs the Lambda function to run whenever a new object is created or an existing object is modified in a specific S3 bucket. The Lambda function will use the S3 bucket name and object key from the event to retrieve the new or modified S3 object content. The Lambda function will parse the content and save the parsed output to Amazon DynamoDB. The Lambda function’s execution role has permissions to retrieve objects from the S3 bucket and write to DynamoDB. During testing, a developer finds that the Lambda function does not execute when objects are added to or modified in the S3 bucket.

Correct Answer: B. Create a resource-based policy granting Amazon S3 permission to invoke the Lambda function for the S3 bucket.

Explanation

For S3 to invoke a Lambda function, the function must have a resource-based policy that explicitly grants s3.amazonaws.com permission to invoke it for the specific bucket. Option B describes this correctly. Option A misapplies an S3 bucket policy, which controls access to the bucket itself, not Lambda invocation permissions. Options C and D introduce unnecessary SQS complexity; S3-to-Lambda event notifications do not require SQS unless asynchronous processing or error handling is needed, which is not indicated in the problem statement.