Q2 — AWS SCS-C02 Ch.1

A security engineer is troubleshooting an AWS Lambda function that is named MyLambdaFunction. The function is encountering an error when the function attempts to read the objects in an Amazon S3 bucket that is named DOC-EXAMPLE-BUCKET. The S3 bucket has the following bucket policy: Which change should the security engineer make to the policy to ensure that the Lambda function can read the bucket objects?

Correct Answer: C. Change the Resource element to "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*".  

Explanation

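According to the question, the Lambda function encounters an error when it tries to read the objects in DOC-EXAMPLE-BUCKET. The Condition element in the bucket policy uses the ArnLike condition, but the matching rule may be incorrect or not specific enough. Option C changes the Resource element to a more specific ARN format so that the Lambda function can correctly identify and access the resource. Reading objects is an object-level operation, and object-level actions such as s3:GetObject are matched against object ARNs of the form arn:aws:s3:::DOC-EXAMPLE-BUCKET/*, not against the bucket ARN alone. This is the most direct and effective solution.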