Q87 — AWS SCS-C02 Ch.1

A security engineer logs in to the AWS Lambda console with administrator permissions. The security engineer is trying to view logs in Amazon CloudWatch for a Lambda function that is named myFunction. When the security engineer chooses the option in the Lambda console to view logs in CloudWatch, an "error loading Log Streams" message appears. The IAM policy for the Lambda function's execution role contains the following:

How should the security engineer correct the error?

Correct Answer: D. Add the logs:CreateLogStream action to the second Allow statement.

Explanation

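According to the question, the security engineer receives the error message "error loading Log Streams" when trying to view the Lambda function's logs. This usually means that the Lambda function's execution role lacks the permissions required to view the logs. The IAM policy already allows the `logs:CreateLogGroup` and `logs:PutLogEvents` actions, but may be missing `logs:GetLogStream` or a related action for accessing the specific log streams. Although `logs:CreateLogStream` in option D does not directly solve the problem of viewing log streams, creating a log group or a log stream is a related operation, which may imply that more complete log access permissions are needed. In practice, the correct solution may be to ensure that `logs:GetLogStream` or a similar action is included in the IAM policy, but among the options given, the closest correct answer is D.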