AWS - Identity and Access Management
You want to allow an AWS Lambda function to assume an IAM role that grants access to S3 buckets. Which two policies must you configure correctly to make this work?
You want to allow an AWS Lambda function to assume an IAM role that grants access to S3 buckets. Which two policies must you configure correctly to make this work?
hard📝 Application Q15 of 15
Step-by-Step Solution
Solution:
Step 1: Identify trust policy requirements
The trust policy must allow the Lambda service (lambda.amazonaws.com) to assume the role.Step 2: Identify permissions policy requirements
The role's permissions policy must grant access to S3 buckets for the Lambda function.Step 3: Evaluate options
A trust policy allowing lambda.amazonaws.com to assume the role and an IAM permissions policy granting S3 access correctly pairs the trust policy for Lambda and permissions for S3. Other options have incorrect principals or deny access.Final Answer:
A trust policy allowing lambda.amazonaws.com to assume the role and an IAM permissions policy granting S3 access -> Option AQuick Check:
Trust policy + permissions policy = role works [OK]
Quick Trick: Trust policy for who assumes; permissions policy for what they can do [OK]
Common Mistakes:
- Allowing wrong service in trust policy
- Confusing permissions policy with trust policy
- Denying all principals in trust policy
Master "Identity and Access Management" in AWS
Want More Practice?
15+ quiz questions · All difficulty levels · Free
Free Signup - Practice All QuestionsMore AWS Quizzes