AWS Certified Developer – Associate (DVA-C02) — Question 419
A developer is creating a solution to track an account's Amazon S3 buckets over time. The developer has created an AWS Lambda function that will run on a schedule. The function will list the account's S3 buckets and will store the list in an Amazon DynamoDB table. The developer receives a permissions error when the developer runs the function with the AWSLambdaBasicExecutionRole AWS managed policy.
Which combination of permissions should the developer use to resolve this error? (Choose two.)
Answer options
- A. Cross-account IAM role
- B. Permission for the Lambda function to list buckets in Amazon S3
- C. Permission for the Lambda function to write in DynamoDB
- D. Permission for Amazon S3 to invoke the Lambda function
- E. Permission for DynamoDB to invoke the Lambda function
Correct answer: B, C
Explanation
The AWSLambdaBasicExecutionRole managed policy grants the Lambda function permission only to upload logs to Amazon CloudWatch, so the function lacks permissions to interact with other AWS services. To run successfully, the function's execution role must be updated to allow listing S3 buckets and writing to the DynamoDB table. Permissions for S3 or DynamoDB to invoke the Lambda function are unnecessary because the function is triggered by a schedule, not by events from those services.