AWS Certified Developer – Associate — Question 423

A developer has created an AWS Lambda function to provide notification through Amazon Simple Notification Service (Amazon SNS) whenever a file is uploaded to Amazon S3 that is larger than 50 MB. The developer has deployed and tested the Lambda function by using the CLI. However, when the event notification is added to the S3 bucket and a 3,000 MB file is uploaded, the Lambda function does not launch.
Which of the following is a possible reason for the Lambda function's inability to launch?

Answer options

• A. The S3 event notification does not activate for files that are larger than 1,000 MB.
• B. The resource-based policy for the Lambda function does not have the required permissions to be invoked by Amazon S3.
• C. Lambda functions cannot be invoked directly from an S3 event.
• D. The S3 bucket needs to be made public.

Correct answer: B

Explanation

For Amazon S3 to trigger an AWS Lambda function, the function's resource-based policy must explicitly grant the S3 service permission to invoke it. When testing via the CLI, the developer used their own IAM identity, which bypassed this policy requirement. Other options are incorrect because S3 can invoke Lambda directly, there is no 1,000 MB limit for S3 event triggers, and making the bucket public is not required and violates security best practices.