AWS - Identity and Access Management
You want to apply the least privilege principle for a developer who needs to manage Lambda functions but only in the
dev-environment. Which approach is best?You want to apply the least privilege principle for a developer who needs to manage Lambda functions but only in the dev-environment. Which approach is best?
hard📝 Best Practice Q15 of 15
Step-by-Step Solution
Solution:
Step 1: Identify the scope of access needed
The developer needs to manage Lambda functions only in thedev-environment.Step 2: Apply least privilege by limiting actions and resources
Create an IAM policy allowing only Lambda actions on functions with resource ARN containingdev-environmentrestricts Lambda actions to only functions indev-environment, minimizing risk.Step 3: Evaluate other options
Options B, C, and D grant broader access than needed, violating least privilege.Final Answer:
Create an IAM policy allowing only Lambda actions on functions with resource ARN containing dev-environment -> Option DQuick Check:
Least privilege = limit actions + resource scope [OK]
Quick Trick: Limit permissions by resource tags or names [OK]
Common Mistakes:
- Using broad AWS managed policies
- Granting admin or full access unnecessarily
- Ignoring resource-level restrictions
Master "Identity and Access Management" in AWS
Want More Practice?
15+ quiz questions · All difficulty levels · Free
Free Signup - Practice All QuestionsMore AWS Quizzes