An AWS Lambda function needs read access to an Amazon S3 bucket in the same account. Which solution meets this requirement in the MOST secure way?
Choose an answer
Tap an option to check your answer.
Correct answer: Apply an IAM role to the Lambda function. Apply an IAM policy to the role to grant read access to the S3 bucket..
Why this is the answer
Applying an IAM role to the Lambda function with a specific IAM policy granting read access to only the required S3 bucket is the most secure solution. This adheres to the principle of least privilege, ensuring the Lambda function has only the necessary permissions and no more. IAM roles provide temporary credentials, eliminating the need to manage long-lived access keys. Applying an S3 bucket policy alone would grant access to the bucket but wouldn't be the primary mechanism for a Lambda function's permissions, which are typically managed via its execution role. Embedding access and secret keys in code is highly insecure as it exposes credentials and is difficult to rotate. Granting read access to all S3 buckets violates the principle of least privilege, giving the function unnecessary broad permissions.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed