Creating Access for Lambda Function to DynamoDB Table

Giving Access to DynamoDB Table for Lambda Function

Question

You are creating a Lambda function that will be triggered by a CloudWatch Event.

The data from these events need to be stored in a DynamoDB table.

How should the Lambda function be given access to the DynamoDB table?

Answers

A. B. C. D.

Answer: B.

Option A is incorrect because access to AWS services should always be granted through IAM roles, not access keys.

Option B is CORRECT because AWS Lambda functions use roles to interact with other AWS services.

So an IAM role that has permissions to the DynamoDB table should be attached to the Lambda function.

Option C is incorrect because access to AWS services should always be granted through IAM roles, not access keys.

Option D is incorrect because the VPC endpoint is used to connect AWS services within the AWS network.

This does not help to resolve the permission issue of Lambda.

For more information on Lambda, kindly refer to the following URL:

https://docs.aws.amazon.com/lambda/latest/dg/intro-permission-model.html

The correct answer is B. Use an IAM role that has permissions to the DynamoDB table and attach it to the Lambda function.

Explanation:

To allow a Lambda function to access a DynamoDB table, you need to grant it permissions to perform the required actions. The recommended way to do this is by using an IAM role that has the necessary permissions to access the DynamoDB table.

When you create an IAM role, you can specify the policies that define the permissions granted to the role. In this case, you would create a policy that grants the role access to the DynamoDB table. You can then attach this role to your Lambda function.

Here are the steps to create an IAM role and attach it to your Lambda function:

  1. Create an IAM role with a policy that grants access to the DynamoDB table. You can do this by creating a new policy or by using an existing one.

  2. When creating the policy, you need to specify the actions that the role is allowed to perform on the DynamoDB table. For example, you might grant the role permissions to read and write data to the table.

  3. Once you have created the policy, create a new IAM role and attach the policy to the role.

  4. When creating your Lambda function, specify the IAM role that you created as the execution role for the function.

  5. The Lambda function will now be able to access the DynamoDB table using the permissions granted by the IAM role.
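The two policy documents behind these steps, as an added example that is not part of the original page: the trust policy that lets Lambda assume the execution role, a permissions policy scoped to one table, and a small check that flags wildcard grants. The table ARN, account ID, function names and the chosen actions are constructed assumptions.

```python
import json

# Constructed placeholder; substitute your own region, account ID and table name.
TABLE_ARN = "arn:aws:dynamodb:us-east-1:123456789012:table/EventsTable"


def trust_policy():
    """Trust policy that lets the Lambda service assume the execution role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "lambda.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }


def table_policy(table_arn, actions=("dynamodb:PutItem", "dynamodb:GetItem")):
    """Permissions policy limited to one table and an explicit action list."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": sorted(actions),
            "Resource": table_arn,
        }],
    }


def audit(policy):
    """Return findings for Allow statements that use wildcards."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        resources = stmt.get("Resource", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = [resources] if isinstance(resources, str) else resources
        findings += [f"statement {i}: wildcard action {a}" for a in actions if "*" in a]
        findings += [f"statement {i}: wildcard resource {r}" for r in resources if "*" in r]
    return findings


if __name__ == "__main__":
    print(json.dumps(trust_policy(), indent=2))
    print(json.dumps(table_policy(TABLE_ARN), indent=2))
    print(audit(table_policy(TABLE_ARN)))
```

The trust policy is supplied when the role is created (step 3) and the table policy is what gets attached to it (steps 1 and 2); running the audit before attaching catches grants such as dynamodb:* on all resources.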

Note that you should not put AWS access keys in your Lambda function code or in an S3 bucket. This is because access keys provide long-term access to your AWS resources and should be kept secure. Instead, use IAM roles to grant temporary access to your resources as needed. Additionally, creating a VPC endpoint for the DynamoDB table is not necessary to grant the Lambda function access to the table.