SOA-C02 · Question #703
The correct answer is B: Configure the Lambda function's execution role to assume a cross-account IAM role in the account.
Question
A company has AWS accounts in an organization in AWS Organizations. The company has built an AWS Lambda function in one account. The Lambda function needs to retrieve a list of Amazon EC2 instances that are running in another account. Which solution will provide this access MOST securely?
Options
- A. Create an IAM user in the account where the EC2 instances are running. Collect access keys from
- B. Configure the Lambda function's execution role to assume a cross-account IAM role in the account
- C. From the management account in the organization, call the Organizations CreatePolicy API
- D. Create a new resource-based policy for the Lambda function. In the policy, set the Principal to "*"
Explanation
Have the Lambda function's execution role assume a cross-account role in the EC2 account. The target role's trust policy allows the Lambda role to assume it. The function calls AssumeRole to obtain short-lived credentials and then lists the instances. No long-term keys are stored, the grant is least privilege, and this is the native AWS cross-account pattern.
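The pattern in the explanation, written out as an added example (not part of the question page or of any AWS sample): the trust policy on the role in the EC2 account names only the Lambda execution role as principal, the target role carries a read-only `ec2:DescribeInstances` permission, and the handler calls STS `AssumeRole` for short-lived credentials before paging through `DescribeInstances`. Account IDs, role names, the session name and the instance IDs are placeholders I made up; the `_FakeSts`/`_FakeEc2` classes are constructed stand-ins so the module runs offline, and `boto3` is only imported inside `lambda_handler`. The `trust_policy_findings` check flags the wildcard-principal mistake that makes option D insecure.

```python
"""Cross-account EC2 listing from Lambda via STS AssumeRole (constructed example)."""
import json
from typing import Any, Callable, Dict, List

# Placeholder account IDs and role names (assumptions, not from the question).
LAMBDA_ACCOUNT = "111111111111"
EC2_ACCOUNT = "222222222222"
LAMBDA_ROLE_ARN = f"arn:aws:iam::{LAMBDA_ACCOUNT}:role/ListInstancesLambdaRole"
TARGET_ROLE_ARN = f"arn:aws:iam::{EC2_ACCOUNT}:role/ListInstancesCrossAccountRole"


def trust_policy(lambda_role_arn: str) -> Dict[str, Any]:
    """Trust policy on the role in the EC2 account: only the Lambda execution role may assume it."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": lambda_role_arn}, "Action": "sts:AssumeRole"}]}


def permissions_policy() -> Dict[str, Any]:
    """Permissions on the target role: read-only instance listing and nothing else.
    DescribeInstances has no resource-level scoping, so Resource must be "*"."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["ec2:DescribeInstances"], "Resource": "*"}]}


def lambda_role_policy(target_role_arn: str) -> Dict[str, Any]:
    """Inline policy on the Lambda execution role: may assume only the one target role."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": target_role_arn}]}


def trust_policy_findings(policy: Dict[str, Any]) -> List[str]:
    """Flag Allow statements whose principal is "*" (anyone could assume the role)."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        if aws == "*" or (isinstance(aws, list) and "*" in aws):
            findings.append(f"Statement {i}: wildcard principal lets any AWS account assume the role")
    return findings


def list_running_instances(sts_client: Any, ec2_client_factory: Callable[..., Any],
                           target_role_arn: str, region: str) -> List[str]:
    """Assume the cross-account role, then page through DescribeInstances with the
    short-lived credentials. Returns the IDs of running instances."""
    creds = sts_client.assume_role(
        RoleArn=target_role_arn,
        RoleSessionName="lambda-list-instances",  # placeholder session name
        DurationSeconds=900,  # shortest allowed; the credentials expire on their own
    )["Credentials"]
    ec2 = ec2_client_factory(
        region_name=region,
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
    )
    ids: List[str] = []
    kwargs: Dict[str, Any] = {"Filters": [{"Name": "instance-state-name", "Values": ["running"]}]}
    while True:
        page = ec2.describe_instances(**kwargs)
        for reservation in page.get("Reservations", []):
            ids.extend(inst["InstanceId"] for inst in reservation.get("Instances", []))
        token = page.get("NextToken")
        if not token:
            return ids
        kwargs["NextToken"] = token


def lambda_handler(event: Dict[str, Any], context: Any) -> Dict[str, Any]:
    """Real entry point; boto3 is imported lazily so the rest of the module runs offline."""
    import boto3
    ids = list_running_instances(boto3.client("sts"), lambda **kw: boto3.client("ec2", **kw),
                                 TARGET_ROLE_ARN, event.get("region", "us-east-1"))
    return {"statusCode": 200, "body": json.dumps({"instances": ids})}


class _FakeSts:
    """Constructed stand-in for the STS client: records the call, returns dummy credentials."""
    def __init__(self) -> None:
        self.calls: List[Dict[str, Any]] = []

    def assume_role(self, **kw: Any) -> Dict[str, Any]:
        self.calls.append(kw)
        return {"Credentials": {"AccessKeyId": "ASIAEXAMPLE", "SecretAccessKey": "x", "SessionToken": "y"}}


class _FakeEc2:
    """Constructed stand-in for the EC2 client with two pages of made-up results."""
    def __init__(self, **kw: Any) -> None:
        self.client_kwargs = kw  # the short-lived credentials arrive here

    def describe_instances(self, **kw: Any) -> Dict[str, Any]:
        if "NextToken" not in kw:
            return {"Reservations": [{"Instances": [{"InstanceId": "i-0aaa"}]}], "NextToken": "p2"}
        return {"Reservations": [{"Instances": [{"InstanceId": "i-0bbb"}, {"InstanceId": "i-0ccc"}]}]}


def offline_demo() -> List[str]:
    """Run the handler logic against the fakes; returns the collected instance IDs."""
    sts = _FakeSts()
    ids = list_running_instances(sts, _FakeEc2, TARGET_ROLE_ARN, "us-east-1")
    assert sts.calls[0]["RoleArn"] == TARGET_ROLE_ARN and sts.calls[0]["DurationSeconds"] == 900
    return ids
```

Three policies are needed in total: the trust policy and the permissions policy on the role in the EC2 account, and an `sts:AssumeRole` grant on the Lambda execution role scoped to that single target role ARN. The Lambda function never holds long-term keys; everything it uses expires with the STS session.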