Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 302 discussion

A company configured an Amazon S3 event source for an AWS Lambda function. The company needs the Lambda function to run when a new object is created or an existing object is modified in a specific S3 bucket. The Lambda function will use the S3 bucket name and the S3 object key of the incoming event to read the contents of the new or modified S3 object. The Lambda function will parse the contents and save the parsed contents to an Amazon DynamoDB table.

The Lambda function's execution role has permissions to read from the S3 bucket and to write to the DynamoDB table. During testing, a DevOps engineer discovers that the Lambda function does not run when objects are added to the S3 bucket or when existing objects are modified.

Which solution will resolve these problems?

  • A. Create an S3 bucket policy for the S3 bucket that grants the S3 bucket permission to invoke the Lambda function.
  • B. Create a resource policy for the Lambda function to grant Amazon S3 permission to invoke the Lambda function on the S3 bucket.
  • C. Configure an Amazon Simple Queue Service (Amazon SQS) queue as an OnFailure destination for the Lambda function. Update the Lambda function to process messages from the SQS queue and the S3 event notifications.
  • D. Configure an Amazon Simple Queue Service (Amazon SQS) queue as the destination for the S3 bucket event notifications. Update the Lambda function's execution role to have permission to read from the SQS queue. Update the Lambda function to consume messages from the SQS queue.
Suggested Answer: B

Comments

Srikantha
2 weeks, 4 days ago
Selected Answer: B
Event Trigger Issue: The Lambda function is not being triggered when objects are created or modified in the S3 bucket. A common reason for this issue is that Amazon S3 does not have the necessary permissions to invoke the Lambda function.
Lambda Function Resource Policy: Unlike some AWS services (e.g., SNS, SQS), which can automatically invoke Lambda if they have permissions in their service role, S3 requires an explicit resource-based policy on the Lambda function to grant it invocation permissions. This means S3 needs explicit permission to trigger the Lambda function when events occur.
Why Option B Works: Adding a resource-based policy to the Lambda function allows S3 to invoke the function when an event (PUT/POST operation) occurs. The policy should include an "s3.amazonaws.com" principal and an action of "lambda:InvokeFunction", granting S3 the ability to trigger Lambda.
upvoted 1 times
...
Ky_24
4 months ago
Selected Answer: B
1. S3-to-Lambda Invocation:
  • When you configure Amazon S3 to trigger an AWS Lambda function, S3 must have explicit permission to invoke the function. This is done by attaching a resource-based policy to the Lambda function.
  • Without this policy, even if S3 event notifications are configured, the Lambda function will not be triggered because S3 does not have the necessary permissions to invoke the function.
2. Solution Details:
  • A resource policy for the Lambda function specifies that the S3 bucket is allowed to invoke the Lambda function. This is configured by using the AWS CLI, AWS SDKs, or directly in the AWS Management Console.
upvoted 2 times
...
ArunRav
4 months, 3 weeks ago
Selected Answer: B
Lambda should allow itself to be invoked by the S3 bucket. Hence B.
upvoted 3 times
...
Impromptu
4 months, 3 weeks ago
Selected Answer: B
https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html
The Lambda resource policy should allow S3. Or in CloudFormation terms: adding the AWS::Lambda::Permission.
upvoted 3 times
...
f4b18ba
4 months, 4 weeks ago
Selected Answer: A
Event Source Mapping and Permission Requirements: For Amazon S3 to invoke a Lambda function, the Lambda function must have a resource-based policy that grants Amazon S3 permission to invoke it. Without this resource-based policy, even if the event source is correctly configured, the Lambda function will not be triggered because S3 is not authorized to invoke it.
Resource Policy for Lambda Function: A resource policy on the Lambda function explicitly allows Amazon S3 to invoke the function for the specified bucket events (e.g., object creation or modification). This resolves the issue by enabling S3 to trigger the Lambda function.
Action - lambda:InvokeFunction allows S3 to invoke the Lambda function.
https://docs.aws.amazon.com/lambda/latest/dg/with-s3.html
upvoted 1 times
Impromptu
4 months, 3 weeks ago
In your link it states: "To invoke your function, Amazon S3 needs permission from the function's resource-based policy." Note "FUNCTION's resource-based policy". So therefore it is B. We do not have to edit the bucket policy for this.
upvoted 1 times
...
...
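
The resource-based policy that the answers above point to can be checked offline. This Python is an added example, not code from the thread or from AWS: it audits a Lambda resource policy document (the JSON carried in the Policy field of `aws lambda get-policy` output) for the S3 invoke grant, and flags a grant that is not pinned to the bucket and owning account with aws:SourceArn and aws:SourceAccount. The function names, ARNs, account ID and bucket name are constructed placeholders, and condition values are compared as exact strings.

```python
import json

def s3_invoke_findings(policy_json, function_arn, bucket, account_id):
    """Audit a Lambda resource-based policy document for the S3 invoke grant.
    Returns a list of findings; an empty list means the grant exists and is scoped."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    statements = json.loads(policy_json).get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    findings, granted = [], False
    for st in statements:
        principal = st.get("Principal", {})
        services = principal.get("Service", []) if isinstance(principal, dict) else []
        services = [services] if isinstance(services, str) else services
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if (st.get("Effect") != "Allow" or "s3.amazonaws.com" not in services
                or not {"lambda:InvokeFunction", "lambda:*", "*"} & set(actions)
                or st.get("Resource") != function_arn):
            continue
        # Condition keys are case-insensitive; merge all operators into one map.
        cond = {k.lower(): v for op in st.get("Condition", {}).values()
                for k, v in op.items()}
        src_arn, src_acct = cond.get("aws:sourcearn"), cond.get("aws:sourceaccount")
        if src_arn not in (None, bucket_arn):
            continue  # statement is scoped to a different bucket (exact match only)
        granted = True
        sid = st.get("Sid", "<no Sid>")
        if src_arn is None:
            findings.append(f"{sid}: no aws:SourceArn, any bucket can trigger the function")
        if src_acct != account_id:
            findings.append(f"{sid}: aws:SourceAccount missing or not {account_id}")
    if not granted:
        findings.append("no statement lets s3.amazonaws.com invoke this function")
    return findings

# Constructed sample policies (placeholder account ID, bucket and function name).
FN = "arn:aws:lambda:us-east-1:111122223333:function:parse-upload"
def sample_policy(condition):
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Sid": "s3invoke", "Effect": "Allow",
        "Principal": {"Service": "s3.amazonaws.com"},
        "Action": "lambda:InvokeFunction", "Resource": FN, "Condition": condition}]})

SCOPED = sample_policy({"StringEquals": {"AWS:SourceAccount": "111122223333"},
                        "ArnLike": {"AWS:SourceArn": "arn:aws:s3:::example-bucket"}})
UNSCOPED = sample_policy({})
if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED), ("unscoped", UNSCOPED)):
        print(name, s3_invoke_findings(doc, FN, "example-bucket", "111122223333"))
```

An S3 bucket ARN carries no account ID, which is why the check treats a missing aws:SourceAccount as a finding even when aws:SourceArn is set.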