nerdexam
Amazon

DVA-C02 · Question #623

A developer is automating a new application deployment with AWS SAM. The new application has one AWS Lambda function and one Amazon S3 bucket. The Lambda function must access the S3 bucket to only rea

The correct answer is D. Add the S3ReadPolicy template to the Lambda function's execution role.. In AWS SAM, adding the S3ReadPolicy managed policy to the Lambda function’s execution role grants the function read-only access to specified S3 buckets. This provides the necessary permissions to read objects securely and with minimal configuration.

Submitted by femi9· Mar 5, 2026Development with AWS Services

Question

A developer is automating a new application deployment with AWS SAM. The new application has one AWS Lambda function and one Amazon S3 bucket. The Lambda function must access the S3 bucket to only read objects. How should the developer configure AWS SAM to grant the necessary read permission to the S3 bucket?

Options

  • AReference a second Lambda authorizer function.
  • BAdd a custom S3 bucket policy to the Lambda function.
  • CCreate an Amazon SQS topic for only S3 object reads. Reference the topic in the template.
  • DAdd the S3ReadPolicy template to the Lambda function's execution role.

How the community answered

(34 responses)
  • A
    3% (1)
  • B
    12% (4)
  • C
    6% (2)
  • D
    79% (27)

Explanation

In AWS SAM, adding the S3ReadPolicy managed policy to the Lambda function’s execution role grants the function read-only access to specified S3 buckets. This provides the necessary permissions to read objects securely and with minimal configuration.

Community Discussion

No community discussion yet for this question.

Full DVA-C02 Practice