AWS Certified Data Engineer – Associate (DEA-C01) — Question 102

A data engineer creates an AWS Lambda function that an Amazon EventBridge event will invoke. When the data engineer tries to invoke the Lambda function by using an EventBridge event, an AccessDeniedException message appears.

How should the data engineer resolve the exception?

Answer options

• A. Ensure that the trust policy of the Lambda function execution role allows EventBridge to assume the execution role.
• B. Ensure that both the IAM role that EventBridge uses and the Lambda function's resource-based policy have the necessary permissions.
• C. Ensure that the subnet where the Lambda function is deployed is configured to be a private subnet.
• D. Ensure that EventBridge schemas are valid and that the event mapping configuration is correct.

Correct answer: B

Explanation

The correct answer is B because both the IAM role that EventBridge uses and the Lambda function's resource-based policy must have the appropriate permissions to allow EventBridge to invoke the Lambda function. Option A is incorrect as it only addresses the trust policy and not the necessary permissions. Options C and D are irrelevant to the AccessDeniedException, as they pertain to network configuration and schema validation, respectively.