Q41 — AWS SAA-C03 Ch.5

Q341. A company has an AWS Lambda function that needs read access to an Amazon S3 bucket that is located in the same AWS account. Which solution will meet these requirements in the MOST secure manner?

Correct Answer: B. Apply an IAM role to the Lambda function. Apply an IAM policy to the role to grant read access to the S3 bucket

Explanation

Option B is the most secure solution for providing read access to an S3 bucket from an AWS Lambda function.

Option A: Applying an S3 bucket policy that grants read access to the S3 bucket could provide the necessary permissions, but it is less secure than using an IAM role because it is not specific to the Lambda function. It also does not follow the principle of least privilege.

Option C: Embedding an access key and secret key in the Lambda function's code is not a best practice approach because it can compromise the security of your AWS resources, as anyone with access to the code would have access to the keys.

Option D: Applying an IAM role to the Lambda function and granting read access to all S3 buckets in the account is not the most secure option since it involves granting broader permissions than what the Lambda function requires. This may result in unintended access to other S3 buckets in the account.

Therefore, option B is the most secure solution because it involves applying an IAM role to the Lambda function, which allows for granular control over permissions. An IAM policy can be applied to the role to grant read access to the specific S3 bucket that the Lambda function needs to access. This approach follows the principle of least privilege and ensures that the Lambda function only has access to the resources it needs to perform its intended actions.