Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 913 discussion

A company is building an application on AWS. The application uses multiple AWS Lambda functions to retrieve sensitive data from a single Amazon S3 bucket for processing. The company must ensure that only authorized Lambda functions can access the data. The solution must comply with the principle of least privilege.

Which solution will meet these requirements?

  • A. Grant full S3 bucket access to all Lambda functions through a shared IAM role.
  • B. Configure the Lambda functions to run within a VPC. Configure a bucket policy to grant access based on the Lambda functions' VPC endpoint IP addresses.
  • C. Create individual IAM roles for each Lambda function. Grant the IAM roles access to the S3 bucket. Assign each IAM role as the Lambda execution role for its corresponding Lambda function.
  • D. Configure a bucket policy granting access to the Lambda functions based on their function ARNs.
Suggested Answer: C

Comments

LeonSauveterre
3 months, 3 weeks ago
Selected Answer: C
A - Full access? No!
B - Theoretically possible but IP-based policies are harder to manage and not as secure as IAM roles.
C - By creating separate IAM roles for each Lambda function, permissions can be narrowly scoped to each function's specific needs.
D - This would actually work. It's just that bucket policies based on function ARNs are less flexible and scalable compared to IAM roles, especially when you need to manage permissions for multiple Lambda functions or add new functions.
upvoted 1 times
LeonSauveterre
3 months, 3 weeks ago
Out of my instinct, least privilege leads to individually managing each function.
upvoted 1 times
56ce46c
7 months, 1 week ago
I think D is also right. S3 Bucket Policy: Use an S3 bucket policy that grants access to the specific Lambda functions based on their function ARNs. This ensures that only the authorized Lambda functions can retrieve data from the S3 bucket.
upvoted 3 times
[Removed]
8 months, 1 week ago
Selected Answer: C
C sounds right
upvoted 2 times
swati1508
8 months, 3 weeks ago
A, B and D are wrong; only C is right.
upvoted 2 times
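
Added example (not part of the original question or of any comment above): a Python sketch that builds the policy documents for the per-function execution roles of option C and audits a role layout for the problems of option A. The bucket name, function names, role names and the per-function key prefixes are constructed assumptions; the question itself names none of them.

```python
import json

BUCKET = "example-sensitive-bucket"  # constructed placeholder, not from the page

def as_list(v):
    return v if isinstance(v, list) else [v]

def trust_policy():
    """Trust policy: only the Lambda service may assume the execution role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"},
        "Action": "sts:AssumeRole"}]}

def read_policy(bucket, prefix):
    """Identity policy: read-only access to one key prefix (assumed layout)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": ["s3:GetObject"],
        "Resource": [f"arn:aws:s3:::{bucket}/{prefix}*"]}]}

def findings(role_of, policy_of, bucket):
    """Flag shared execution roles and S3 grants wider than one prefix."""
    out, users = [], {}
    for fn, role in role_of.items():
        users.setdefault(role, []).append(fn)
    for role, fns in sorted(users.items()):
        if len(fns) > 1:
            out.append(f"{role}: shared by {', '.join(sorted(fns))}")
        for st in policy_of[role]["Statement"]:
            if st["Effect"] != "Allow":
                continue
            if any(a in ("*", "s3:*") for a in as_list(st["Action"])):
                out.append(f"{role}: wildcard action")
            if any(r in ("*", f"arn:aws:s3:::{bucket}/*")
                   for r in as_list(st["Resource"])):
                out.append(f"{role}: whole-bucket resource")
    return out

# Option A layout (constructed): one shared role with full bucket access.
OPTION_A_ROLES = {"parse-invoices": "shared-role", "export-reports": "shared-role"}
OPTION_A_POLICIES = {"shared-role": {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "s3:*",
    "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]}]}}

# Option C layout (constructed): one execution role per function.
OPTION_C_ROLES = {"parse-invoices": "parse-invoices-role",
                  "export-reports": "export-reports-role"}
OPTION_C_POLICIES = {"parse-invoices-role": read_policy(BUCKET, "invoices/"),
                     "export-reports-role": read_policy(BUCKET, "reports/")}

if __name__ == "__main__":
    print(json.dumps(trust_policy(), indent=2))
    print(json.dumps(OPTION_C_POLICIES["parse-invoices-role"], indent=2))
    print(findings(OPTION_A_ROLES, OPTION_A_POLICIES, BUCKET))
    print(findings(OPTION_C_ROLES, OPTION_C_POLICIES, BUCKET))
```

The audit returns three findings for the shared-role layout and none for the per-function layout.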