AWS Certified Developer – Associate (DVA-C02) — Question 332
A developer is building an event-driven application by using AWS Lambda and Amazon EventBridge. The Lambda function needs to push events to an EventBridge event bus. The developer uses an SDK to run the PutEvents EventBridge action and specifies no credentials in the code. After deploying the Lambda function, the developer notices that the function is failing and there are AccessDeniedException errors in the logs.
How should the developer resolve this issue?
Answer options
- A. Configure a VPC peering connection between the Lambda function and EventBridge.
- B. Modify their AWS credentials to include permissions for the PutEvents EventBridge action.
- C. Modify the Lambda function execution role to include permissions for the PutEvents EventBridge action.
- D. Add a resource-based policy to the Lambda function to include permissions for the PutEvents EventBridge action.
Correct answer: C
Explanation
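For an AWS Lambda function to call other AWS services such as Amazon EventBridge, the required permissions must be granted to its IAM execution role. Because the code specifies no credentials, the SDK signs its requests with the temporary credentials of that role, so adding the PutEvents action (`events:PutEvents`) to the execution role lets the function publish events to the event bus and resolves the AccessDeniedException. Modifying the developer's own credentials has no effect on the deployed function, and a resource-based policy on the Lambda function governs who may invoke the function, not which outbound API calls the function is authorized to make. An AccessDeniedException is an authorization failure rather than a connectivity problem, so a VPC peering connection does not address it.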