
DOP-C02 Question #317: Real Exam Question with Answer & Explanation

The correct answer is B: Create a resource policy for the Lambda function to grant Amazon S3 permission to invoke the.

Submitted by jakub_pl · Mar 6, 2026 · Resilient Cloud Solutions

Question

A company configured an Amazon S3 event source for an AWS Lambda function. The company needs the Lambda function to run when a new object is created or an existing object is modified in a specific S3 bucket. The Lambda function will use the S3 bucket name and the S3 object key of the incoming event to read the contents of the new or modified S3 object. The Lambda function will parse the contents and save the parsed contents to an Amazon DynamoDB table. The Lambda function's execution role has permissions to read from the S3 bucket and to write to the DynamoDB table. During testing, a DevOps engineer discovers that the Lambda function does not run when objects are added to the S3 bucket or when existing objects are modified. Which solution will resolve these problems?

Options

  • A. Create an S3 bucket policy for the S3 bucket that grants the S3 bucket permission to invoke the
  • B. Create a resource policy for the Lambda function to grant Amazon S3 permission to invoke the
  • C. Configure an Amazon Simple Queue Service (Amazon SQS) queue as an OnFailure destination
  • D. Configure an Amazon Simple Queue Service (Amazon SQS) queue as the destination for the S3

Explanation

For Amazon S3 to invoke a Lambda function, the Lambda function must have a resource policy that explicitly allows the S3 service to invoke it. Without the appropriate permissions in the Lambda function's resource policy, S3 cannot trigger the Lambda function when objects are created or modified.

When you configure an S3 event notification for object creation or modification, S3 attempts to invoke the specified Lambda function. If the function does not have a resource policy allowing S3 to invoke it, the invocation will fail, leading to the issue that the DevOps engineer encountered.

Adding a resource policy directly to the Lambda function is a straightforward solution that provides the necessary permissions for invocation without introducing additional components (such as SQS) into the architecture. This maintains the original design of using S3 event notifications to trigger the Lambda function directly. By creating a resource policy that grants Amazon S3 permission to invoke the Lambda function, you ensure that the Lambda function is triggered when objects are created or modified in the S3 bucket, resolving the problem efficiently.
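
An added example (not part of the original question or explanation): a Python check that reads a Lambda resource policy and reports whether S3 may invoke the function from a given bucket, and whether that grant is pinned with `aws:SourceArn` and `aws:SourceAccount`. The bucket name, account ID, function name and Sid below are constructed placeholders.

```python
import json
from fnmatch import fnmatchcase

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _condition_values(stmt, key):
    """Values of one condition key across all operators (key names are case-insensitive)."""
    return [v for operands in stmt.get("Condition", {}).values()
            for k, vals in operands.items() if k.lower() == key
            for v in _as_list(vals)]

def audit_s3_invoke(policy_json, bucket, account_id):
    """Return (granted, findings) for S3 invoking the function from `bucket`."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    granted, findings = False, []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or "s3.amazonaws.com" not in services:
            continue
        if not {"lambda:InvokeFunction", "lambda:*", "*"} & set(_as_list(stmt.get("Action", []))):
            continue
        arns = _condition_values(stmt, "aws:sourcearn")
        accounts = _condition_values(stmt, "aws:sourceaccount")
        # fnmatchcase approximates ArnLike wildcard matching (* and ?).
        if arns and not any(fnmatchcase(bucket_arn, a) for a in arns):
            continue  # grant is scoped to a different bucket
        if accounts and account_id not in accounts:
            continue  # grant is scoped to a different account
        granted = True
        sid = stmt.get("Sid", "<no Sid>")
        if not arns:
            findings.append(f"{sid}: no aws:SourceArn, any bucket can trigger the function")
        if not accounts:
            findings.append(f"{sid}: no aws:SourceAccount, bucket owner is not pinned")
    if not granted:
        findings.append("no statement allows s3.amazonaws.com to invoke from this bucket")
    return granted, findings

# Constructed sample policies, in the shape of the Policy document from `aws lambda get-policy`.
_BASE = {"Sid": "s3-invoke", "Effect": "Allow", "Principal": {"Service": "s3.amazonaws.com"},
         "Action": "lambda:InvokeFunction",
         "Resource": "arn:aws:lambda:us-east-1:111122223333:function:parse-objects"}
MISSING = json.dumps({"Version": "2012-10-17", "Statement": []})
UNSCOPED = json.dumps({"Version": "2012-10-17", "Statement": [_BASE]})
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [dict(_BASE, Condition={
    "ArnLike": {"AWS:SourceArn": "arn:aws:s3:::example-ingest-bucket"},
    "StringEquals": {"AWS:SourceAccount": "111122223333"}})]})
```

`MISSING` reproduces the failure in the question (no grant, so the function never runs); `UNSCOPED` fixes the trigger but leaves the grant open to any bucket, and `SCOPED` is the form to deploy.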

Topics

#Lambda #S3 events #IAM resource policies #S3
