AWS Certified Developer Associate DVA-C02 Practice Question
A developer is configuring a Lambda function to access resources in a separate AWS account. To follow best security practices, the developer needs to grant the Lambda function the necessary permissions. What should the developer use to accomplish this?
Store the target account user's credentials in Lambda environment variables and use them to access resources.
Use the Lambda function's own execution role directly to access resources in the target account without assuming any roles.
Create an IAM role in the target account that the Lambda function can assume, with the necessary permissions attached.
Attach an inline policy to the Lambda function's execution role granting access to the target account resources.
Cross-account access can be achieved by assuming an IAM role. The IAM role should be created in the target AWS account with the necessary permissions and a trust policy that allows the Lambda function's account to assume the role. Using a user's credentials directly is discouraged and goes against the principle of least privilege, as it can provide unnecessary and broad access. Inline policies are not the correct approach for cross-account access, and Lambda environment variables are used for configuration, not for setting up cross-account permissions.
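The role assumption described above, as an added example that is not part of the original question: it builds the target-account trust policy, the matching `sts:AssumeRole` permission for the execution role, and the STS call the function makes at run time. The account IDs, role names and the use of S3 as the target resource are constructed assumptions, and the trust policy here names the execution role itself as principal, which is narrower than trusting the whole account.

```python
# Added example. All ARNs and account IDs are constructed placeholders.
LAMBDA_EXEC_ROLE_ARN = "arn:aws:iam::111111111111:role/example-lambda-exec"  # caller account
TARGET_ROLE_ARN = "arn:aws:iam::222222222222:role/example-cross-account"     # target account


def trust_policy(principal_arn):
    """Trust policy attached to the role created in the target account."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": principal_arn},  # who may assume the role
            "Action": "sts:AssumeRole",
        }],
    }


def caller_policy(target_role_arn):
    """Permission on the execution role: it may assume only this one role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": target_role_arn,
        }],
    }


def assume_target_role(sts_client, role_arn, session_name="lambda-cross-account"):
    """Exchange the execution role's identity for temporary target-account credentials."""
    resp = sts_client.assume_role(RoleArn=role_arn, RoleSessionName=session_name)
    creds = resp["Credentials"]
    # Keyword arguments accepted by boto3.client(...) and boto3.Session(...)
    return {
        "aws_access_key_id": creds["AccessKeyId"],
        "aws_secret_access_key": creds["SecretAccessKey"],
        "aws_session_token": creds["SessionToken"],
    }


def handler(event, context):
    import boto3  # provided by the Lambda Python runtime
    creds = assume_target_role(boto3.client("sts"), TARGET_ROLE_ARN)
    s3 = boto3.client("s3", **creds)  # S3 is an assumed example of a target resource
    return [b["Name"] for b in s3.list_buckets()["Buckets"]]
```

The credentials returned by STS are temporary and expire, so no long-lived secret for the target account is stored with the function.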
AWS Certified Developer Associate DVA-C02
Security