A developer tested an application locally and then deployed it to AWS Lambda. While testing the application remotely, the Lambda function fails with an access denied message. How can this issue be addressed?
A.
Update the Lambda function's execution role to include the missing permissions.
B.
Update the Lambda function's resource policy to include the missing permissions.
C.
Include an IAM policy document at the root of the deployment package and redeploy the Lambda function.
D.
Redeploy the Lambda function using an account with access to the AdministratorAccess policy.
A) Correct - The execution role needs to have the required permissions to interact with other AWS services. If the Lambda function is trying to access services like S3, DynamoDB, or other AWS resources, the role should include the necessary IAM policies granting access to those resources.
C) Eliminated - Including an IAM policy document in the deployment package does not affect the Lambda function’s permissions. Permissions are managed by the execution role assigned to the function, not by the deployment package
Question is ambiguous. I think A is answer.
Resource based policy defined on your Lambda let's other resource to access/invoke your Lambda. Execution Role is for your Lambda to access other resources.
Tricky question but i go for B,
we are having an access denied while trying to access a RESOURCE,
so we have to configure the access resource based policy
I think the answer is tricky, because it's saying that function fails when trying to run it remotely. So it seems that there are no permissions to run it from our computer (for example). So I think it's related to resource based policies.
But if We think about the question, it says that lambda function fails, so We can see that it started but during its execution, it did not have the right permissions to make any API call.
agree, if "Lambda function fails with an access denied message" means failed to execute the lambda, then it's about resource based role.
If "Lambda function fails with an access denied message" means lambda started by failed to call other service, then it's about execution role.
A. Update the Lambda function's execution role to include the missing permissions.
upvoted 2 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
RicardoD
Highly Voted 3 years, 4 months agosumanshu
Most Recent 2 months, 1 week agosumanshu
2 months, 1 week agosumanshu
2 months, 1 week agosumanshu
2 months, 1 week agoblondy_chess
9 months, 3 weeks ago51b1f29
11 months, 2 weeks agoBaalhammun
1 year agoJuanFe
2 years agoqiaoli
1 year, 11 months agoJP_PA
3 years agoJuanlufr
3 years, 3 months agoEarlBrillantes061816
3 years, 3 months agoHuy
3 years, 3 months agoChinta
3 years, 4 months agoJaneJ
3 years, 4 months ago