AWS Certified Cloud Practitioner / Question #911 of 719

Question #911

A company is using AWS Lambda to process data. The Lambda function needs to interact with Amazon DynamoDB. Which AWS service or feature should be used to grant the Lambda function the necessary permissions?

A

AWS Certificate Manager (ACM)

B

IAM roles

C

AWS Security Hub

D

Amazon GuardDuty

Explanation

The correct answer is B. IAM roles. AWS Identity and Access Management (IAM) roles are specifically designed to grant permissions to AWS services, such as Lambda, to access other AWS resources like DynamoDB. By attaching an IAM role with the appropriate permissions policy to the Lambda function, it gains the required access securely.

Why other options are incorrect:
- A. AWS Certificate Manager (ACM): Manages SSL/TLS certificates for securing domains, unrelated to permissions.
- C. AWS Security Hub: A security monitoring service that aggregates findings, not used for granting permissions.
- D. Amazon GuardDuty: A threat detection service for identifying malicious activity, not related to access control.

Key Points:
- IAM roles are the standard method for granting cross-service permissions in AWS.
- Lambda functions assume IAM roles to interact with AWS resources securely.
- DynamoDB access requires IAM policies defining allowed actions (e.g., dynamodb:PutItem).

Answer

The correct answer is: B