SAA-C03 · Question #772
SAA-C03 Question #772: Real Exam Question with Answer & Explanation
The correct answer is A: Update the Lambda function's execution role to include permissions for Amazon CloudWatch. To enable logging and tracing for a Lambda function, its execution role must have permissions to write to Amazon CloudWatch Logs and to use AWS X-Ray. Updating the execution role directly follows the principle of least privilege, as it grants only the necessary permissions for lo
Question
A solutions architect has created an AWS Lambda function. The Lambda function processes objects that have been uploaded to an Amazon S3 bucket and updates an Amazon DynamoDB table. The solutions architect wants to update the Lambda function to include logging and capture traces. The solutions architect needs to follow the principle of least privilege. Which solution will meet these requirements?
Options
- AUpdate the Lambda function's execution role to include permissions for Amazon CloudWatch
- BCreate a resource-based policy that includes permissions for Amazon CloudWatch to invoke the
- CUpdate the Lambda function's execution role to include Amazon CloudWatch permissions. Create
- DUpdate the Lambda function's execution role to include Amazon CloudWatch permissions. Create
Explanation
To enable logging and tracing for a Lambda function, its execution role must have permissions to write to Amazon CloudWatch Logs and to use AWS X-Ray. Updating the execution role directly follows the principle of least privilege, as it grants only the necessary permissions for logging and tracing without adding unnecessary access.
Community Discussion
No community discussion yet for this question.