AWS Certified Developer – Associate (DVA-C02) — Question 212

A developer is working on an AWS Lambda function that accesses Amazon DynamoDB. The Lambda function must retrieve an item and update some of its attributes, or create the item if it does not exist. The Lambda function has access to the primary key.

Which IAM permissions should the developer request for the Lambda function to achieve this functionality?

Answer options

• A. dynamodb:DeleleItem dynamodb:GetItem dynamodb:PutItem
• B. dynamodb:UpdateItem dynamodb:GetItem dynamodb:DescribeTable
• C. dynamodb:GetRecords dynamodb:PutItem dynamodb:UpdateTable
• D. dynamodb:UpdateItem dynamodb:GetItem dynamodb:PutItem

Correct answer: D

Explanation

The correct answer is D because the permissions 'dynamodb:GetItem', 'dynamodb:UpdateItem', and 'dynamodb:PutItem' are necessary for retrieving an item, updating its attributes, or creating it if it doesn't exist. Option A includes 'dynamodb:DeleleItem', which is unrelated to the required functionality, while B has 'dynamodb:DescribeTable', which is not needed for this task. Option C includes permissions that do not apply to the required operations.