AWS - Identity and Access Management
A developer must update and publish Lambda functions only in the
us-west-2 region. Which IAM policy best enforces least privilege?A developer must update and publish Lambda functions only in the us-west-2 region. Which IAM policy best enforces least privilege?
hard📝 Application Q8 of 15
Step-by-Step Solution
Solution:
Step 1: Identify required actions
Developer needs to update code and publish versions.Step 2: Restrict region and resource
Resource ARN must specifyus-west-2region and correct account.Step 3: Evaluate options
{ "Effect": "Allow", "Action": ["lambda:UpdateFunctionCode", "lambda:PublishVersion"], "Resource": "arn:aws:lambda:us-west-2:123456789012:function:*" } grants only needed actions scoped to correct region and account.Final Answer:
{ "Effect": "Allow", "Action": ["lambda:UpdateFunctionCode", "lambda:PublishVersion"], "Resource": "arn:aws:lambda:us-west-2:123456789012:function:*" } best follows least privilege.Quick Check:
Actions and resource ARN scoped correctly [OK]
Quick Trick: Scope actions and resources to region and function [OK]
Common Mistakes:
- Granting all lambda actions on all resources
- Using wildcard region in resource ARN
- Granting permissions in wrong region
Master "Identity and Access Management" in AWS
Want More Practice?
15+ quiz questions · All difficulty levels · Free
Free Signup - Practice All QuestionsMore AWS Quizzes