Question #911
A company is using AWS Lambda to process data. The Lambda function needs to interact with Amazon DynamoDB. Which AWS service or feature should be used to grant the Lambda function the necessary permissions?
AWS Certificate Manager (ACM)
IAM roles
AWS Security Hub
Amazon GuardDuty
Explanation
The correct answer is B. IAM roles. AWS Identity and Access Management (IAM) roles are specifically designed to grant permissions to AWS services, such as Lambda, to access other AWS resources like DynamoDB. By attaching an IAM role with the appropriate permissions policy to the Lambda function, it gains the required access securely.
Why other options are incorrect:
- A. AWS Certificate Manager (ACM): Manages SSL/TLS certificates for securing domains, unrelated to permissions.
- C. AWS Security Hub: A security monitoring service that aggregates findings, not used for granting permissions.
- D. Amazon GuardDuty: A threat detection service for identifying malicious activity, not related to access control.
Key Points:
- IAM roles are the standard method for granting cross-service permissions in AWS.
- Lambda functions assume IAM roles to interact with AWS resources securely.
- DynamoDB access requires IAM policies defining allowed actions (e.g., dynamodb:PutItem).
Answer
The correct answer is: B