AWS Certified Developer – Associate — Question 170
A developer is automating a new application deployment with AWS Serverless Application Model (AWS SAM). The new application has one AWS Lambda function and one Amazon S3 bucket. The Lambda function must access the S3 bucket to only read objects.
How should the developer configure AWS SAM to grant the necessary read privilege to the S3 bucket?
Answer options
- A. Reference a second Lambda authorizer function.
- B. Add a custom S3 bucket policy to the Lambda function.
- C. Create an Amazon Simple Queue Service (SQS) topic for only S3 object reads. Reference the topic in the template.
- D. Add the S3ReadPolicy template to the Lambda function's execution role.
Correct answer: D
Explanation
The correct answer is D because adding the S3ReadPolicy template to the Lambda function's execution role provides the necessary permissions for the function to read objects from the S3 bucket. Option A is irrelevant as Lambda authorizers are not needed for S3 access. Option B does not directly grant the required permissions in the Lambda execution role, and option C introduces unnecessary complexity by using SQS instead of directly granting access to S3.