AWS Certified Developer – Associate — Question 123

An AWS Lambda function that Is running in a test environment is not working property. However, there is no error associated with the Lambda function in the Amazon CloudWatch logs for the account. The Lambda function's permissions do not include a resource-based policy. The Lambda function's execution role has properly configured trust relationships and has no permissions policies attached.

Which action should a developer take to allow logs for the Lambda function to appear in CloudWatch?

Answer options

• A. Attach the AWSLambda8asicExecutionRole managed policy to the Lambda function's execution role.
• B. Set the AWSLambdaBasicExecutionRole managed policy as the Lambda function's resource-based policy.
• C. Attach the CloudWatchLambdaInsightsExecutionRolePolicy managed policy to the Lambda function's execution role.
• D. Set the CloudWatchLambdaInsightsExecutionRolePolicy managed policy as the Lambda function's resource-based policy.

Correct answer: A

Explanation

The correct answer is A because attaching the AWSLambdaBasicExecutionRole managed policy to the Lambda function's execution role grants the necessary permissions to write logs to CloudWatch. The other options are incorrect as they either involve resource-based policies, which are not applicable in this context, or involve different managed policies that do not provide the required logging permissions.