AWS Certified Developer – Associate — Question 265
A company has hundreds of AWS Lambda functions that the company's QA team needs to test by using the Lambda function URLs. A developer needs to configure the authentication of the Lambda functions to allow access so that the QA IAM group can invoke the Lambda functions by using the public URLs.
Which solution will meet these requirements?
Answer options
- A. Create a CLI script that loops on the Lambda functions to add a Lambda function URL with the AWS_IAM auth type. Run another script to create an IAM identity-based policy that allows the lambda:InvokeFunctionUrl action to all the Lambda function Amazon Resource Names (ARNs). Attach the policy to the QA IAM group.
- B. Create a CLI script that loops on the Lambda functions to add a Lambda function URL with the NONE auth type. Run another script to create an IAM resource-based policy that allows the lambda:InvokeFunctionUrl action to all the Lambda function Amazon Resource Names (ARNs). Attach the policy to the QA IAM group.
- C. Create a CLI script that loops on the Lambda functions to add a Lambda function URL with the AWS_IAM auth type. Run another script to loop on the Lambda functions to create an IAM identity-based policy that allows the lambda:InvokeFunctionUrl action from the QA IAM group's Amazon Resource Name (ARN).
- D. Create a CLI script that loops on the Lambda functions to add a Lambda function URL with the NONE auth type. Run another script to loop on the Lambda functions to create an IAM resource-based policy that allows the lambda:InvokeFunctionUrl action from the QA IAM group's Amazon Resource Name (ARN).
Correct answer: A
Explanation
To secure AWS Lambda function URLs so that only a specific QA IAM group can invoke them, the authentication type must be set to AWS_IAM. An identity-based policy containing the lambda:InvokeFunctionUrl permission can then be attached directly to the QA IAM group to grant access to the Lambda functions' ARNs. Using the NONE authentication type would make the URLs public to anyone, and resource-based policies cannot be attached directly to an IAM group.