Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 1 discussion

CD Why the answers for many questions are categorically wrong?

Create an execution role for your Lambda function as a best practice. https://shorturl.at/zzupq

C. IAM role for Lambda with policy: This is the most common and recommended approach. You create an IAM role specifically for the Lambda function, then attach an IAM policy to the role that grants the necessary read and write permissions to the S3 bucket. Lambda functions assume this role when they are executed and can then interact with the S3 bucket. D. IAM role for Lambda with a bucket policy: Another valid approach is to create an IAM role for the Lambda function and attach a bucket policy to the S3 bucket that allows access from the Lambda function's role. The bucket policy explicitly grants access to the function's role, so no IAM role-specific permissions are needed for the Lambda function itself, although this option is less common than the previous one.

for sure this will be the use of AWS ROLES it is simple, you attach a role to the lambda to be able to access certain S3 bucket.

C and D

100% it is C and D

C & D are the correct answers

CD Always create execution role for your lambda function, as a best practice.

Respuesta seleccionada: CD

Answer is CD

same account. for ABAC IAM role w/ policy will do. RBAC requires principal

Permission needs to be specified either from Lambda's role policy, or from S3 bucket's resource policy.

c and d

Any type of key means a long term access. Always use IAM roles to keep access temporarily. Answer should be C&D

vote for C and D