AWS Certified Developer – Associate — Question 214

A developer is troubleshooting a new AWS Lambda function. The function should run automatically each time a new object is uploaded to an Amazon S3 bucket. The function is supposed to read the object, make modifications, and overwrite the object with the new version. The developer finds that all calls failed within the function code.

Which of the following are possible reasons for this failure? (Choose two.)

Answer options

• A. The function resource policy does not allow access from Amazon S3.
• B. The function execution role does not allow access from Amazon S3.
• C. The function execution role does not allow access to Amazon S3.
• D. The S3 bucket policy does not allow access from the Lambda function.
• E. The S3 bucket policy does not allow access to the Lambda function.

Correct answer: C, D

Explanation

Option C is correct because the execution role must have permissions to access Amazon S3 in order to read and overwrite objects. Option D is also correct since the S3 bucket's policy must allow the Lambda function to perform actions on it; if not, the function will fail to execute properly. The other options do not accurately describe the required permissions or roles involved in this scenario.