Q20 — AWS DVA-C02 Ch.1
Question 20 of 100 | ← Chapter 1
A developer tests an application locally before deploying it to AWS Lambda. During local testing, the Lambda function fails and displays an 'Access Denied' message. How should this issue be resolved?
- A. Update the Lambda function’s execution role to include the missing permissions. ✓
- B. Update the Lambda function’s resource-based policy to include the missing permissions.
- C. Include an IAM policy document in the root directory of the deployment package and redeploy the Lambda function.
- D. Redeploy the Lambda function using an account with the AdministratorAccess policy.
Correct Answer: A. Update the Lambda function’s execution role to include the missing permissions.
Explanation
Lambda functions execute under an IAM execution role, which grants permissions to access other AWS services. An 'Access Denied' error during local testing typically indicates insufficient permissions in that execution role—not a resource policy (which governs cross-account or service invocations) nor embedded policies (which are not supported in Lambda deployment packages). Using AdministratorAccess (option D) violates least-privilege principles and is insecure. Therefore, option A is correct: granting only the required permissions via the execution role is the proper, secure resolution.