Q47 — AWS SAA-C03 Ch.1
Q47. A company is preparing to deploy a new serverless workload. A solutions architect needs to configure permissions for invoking an AWS Lambda function. The function will be triggered by an Amazon EventBridge (Amazon CloudWatch Events) rule. Permissions should be configured using the principle of least privilege. Which solution will meet these requirements?
- A. Add an execution role to the function with lambda:InvokeFunction as the action and * as the principal.
- B. Add an execution role to the function with lambda:InvokeFunction as the action and Service: events.amazonaws.com as the principal.
- C. Add a resource-based policy to the function with lambda:* as the action and Service: events.amazonaws.com as the principal.
- D. Add a resource-based policy to the function with lambda:InvokeFunction as the action and Service: events.amazonaws.com as the principal. ✓
Correct Answer: D. Add a resource-based policy to the function with lambda:InvokeFunction as the action and Service: events.amazonaws.com as the principal.
Explanation
To allow an Amazon EventBridge (CloudWatch Events) rule to invoke an AWS Lambda function while following the principle of least privilege, the solutions architect should add a resource-based policy to the function with the following configuration:

- Action: lambda:InvokeFunction
- Principal: Service: events.amazonaws.com

Using "lambda:InvokeFunction" as the action grants only the single permission needed to invoke the function, rather than every Lambda action (as lambda:* in option C would). Specifying "Service: events.amazonaws.com" as the principal ensures that only the EventBridge service, not any principal (*), is allowed to trigger the function.

An execution role (options A and B) is the wrong mechanism here: it defines what the function itself may do when it runs (the permissions Lambda assumes on the function's behalf), not who may invoke the function. Invocation permission for another AWS service is granted through the function's resource-based policy.

This approach gives exactly the access required for the EventBridge rule to invoke the function, granting access only to the specific service responsible for the invocation. In practice the statement is usually tightened further with a condition on aws:SourceArn naming the specific rule, so that only that rule, and not any EventBridge rule in any account, can invoke the function.