AWS Certified DevOps Engineer – Professional — Question 149

A company is using an organization in AWS Organizations to manage multiple AWS accounts. The company's development team wants to use AWS Lambda functions to meet resiliency requirements and is rewriting all applications to work with Lambda functions that are deployed in a VPC. The development team is using Amazon Elastic File System (Amazon EFS) as shared storage in Account A in the organization.

The company wants to continue to use Amazon EFS with Lambda. Company policy requires all serverless projects to be deployed in Account B.

A DevOps engineer needs to reconfigure an existing EFS file system to allow Lambda functions to access the data through an existing EFS access point.

Which combination of steps should the DevOps engineer take to meet these requirements? (Choose three.)

Answer options

Correct answer: A, D, F

Explanation

The correct steps are A, D, and F. Step A ensures that Account B can access the EFS file system in Account A, while step D allows the Lambda execution roles to access the VPC and the EFS file system. Step F enables Lambda functions in Account B to use the necessary IAM role from Account A. Steps B, C, and E are not required for this scenario: B focuses on permission guardrails rather than access, C introduces unnecessary complexity by creating a new EFS file system, and E is irrelevant because the accounts can communicate through the existing access point without a peering connection.