A developer is writing an AWS Lambda function. The Lambda function needs to access items that are stored in an Amazon DynamoDB table. What is the MOST secure way to configure this access for the Lambda function?
A.
Create an IAM user that has permissions to access the DynamoDB table. Create an access key for this user. Store the access key ID and secret access key in the Lambda function environment variables.
B.
Add a resource-based policy to the DynamoDB table to allow access from the Lambda function's IAM role.
C.
Create an IAM policy that allows access to the DynamoDB table. Attach this policy to the Lambda function's IAM role.
D.
Create a DynamoDB Accelerator (DAX) cluster. Configure the Lambda function to use the DAX duster to access the DynamoDB table.
A) Eliminated: Storing access keys in environment variables is not a best practice
D) Eliminated: DAX can improve performance by acting as a caching layer for DynamoDB, it is not related to security or access configuration
It seems that DynamoDB now supports resource-based policies
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/security_iam_service-with-iam.html
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/security_iam_service-with-iam.html Dynamodb doesn't support resource based policies, so c it is
C is correct we can use the lambda Role (or create a new one according to the company policies), attach the IAM policy (json with read and write permissions to the table) to this Role. Finally, the lambda function should have the access to the table.
https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_identity-vs-resource.html
- Identity-based policies are attached to an IAM user, group, or role.
- Resource-based policies are attached to a resource.
In this case you are using a role, so identity based policies should be used.
Resource-based policy is not supported for DynamoDb - https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html#database_svcs
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
sumanshu
4 months, 1 week agosumanshu
4 months, 1 week agosumanshu
4 months, 1 week agojeanpierregs21
5 months, 2 weeks agowxento1112
5 months, 2 weeks agothucta96dn
5 months, 4 weeks agogilleep_17
1 year, 3 months agoAsmaZoheb
1 year, 3 months agoja1092m
1 year, 7 months agorcaliandro
1 year, 10 months agoKrt5894
2 years, 2 months agoDirisme
2 years, 3 months agoJay1299
2 years, 2 months agodark_cherrymon
2 years, 5 months agocloud_collector
2 years, 5 months agoscomperleur
2 years, 6 months agohabros
2 years, 6 months agogary_gary
2 years, 7 months agoSuperPiski
2 years, 7 months agoJabol
2 years, 7 months agosidvic
2 years, 7 months ago