AWS Certified Developer – Associate / Question #773 of 557

Question #773

A developer is designing an AWS Lambda function that interacts with Amazon DynamoDB. The function must retrieve an item and modify specific attributes if the item exists, or create the item with those attributes if it does not exist. The Lambda function has access to the item's primary key.

Which IAM permissions should be granted to the Lambda function to fulfill this requirement?

A. dynamodb:DeleteItem, dynamodb:GetItem, dynamodb:PutItem

B. dynamodb:UpdateItem, dynamodb:GetItem, dynamodb:DescribeTable

C. dynamodb:GetRecords, dynamodb:PutItem, dynamodb:UpdateTable

D. dynamodb:UpdateItem, dynamodb:GetItem, dynamodb:PutItem

Explanation

The Lambda function needs three permissions:
1. dynamodb:GetItem: To check if the item exists.
2. dynamodb:UpdateItem: To modify specific attributes of the item if it exists.
3. dynamodb:PutItem: To create the item with the required attributes if it does not exist.

Why other options are incorrect:
- A: Includes DeleteItem, which is unnecessary for this use case.
- B: Lacks PutItem, which is required to create a new item.
- C: Uses GetRecords (for DynamoDB Streams) and UpdateTable (for table configuration), which are irrelevant to item-level operations.

Key Points:
- Use GetItem to retrieve items.
- Use UpdateItem to modify existing items.
- Use PutItem to create new items.
- Avoid unnecessary permissions like DeleteItem or DescribeTable unless explicitly required.
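The comparison in the explanation can be run as a least-privilege check over a policy document. The following is an added example, not part of the original question. The table ARN, account ID and helper names are constructed placeholders, and the check reads only Allow statements with plain Action lists (no NotAction, Deny or Condition handling).

```python
from fnmatch import fnmatchcase

# Actions the explanation says the function needs.
REQUIRED = {"dynamodb:GetItem", "dynamodb:UpdateItem", "dynamodb:PutItem"}
# Constructed placeholder ARN (account ID and table name are not from the page).
TABLE_ARN = "arn:aws:dynamodb:us-east-1:123456789012:table/ExampleTable"
# Answer options A-D as listed in the question.
OPTIONS = {
    "A": ["dynamodb:DeleteItem", "dynamodb:GetItem", "dynamodb:PutItem"],
    "B": ["dynamodb:UpdateItem", "dynamodb:GetItem", "dynamodb:DescribeTable"],
    "C": ["dynamodb:GetRecords", "dynamodb:PutItem", "dynamodb:UpdateTable"],
    "D": ["dynamodb:UpdateItem", "dynamodb:GetItem", "dynamodb:PutItem"],
}

def _as_list(value):
    """IAM lets Statement, Action and Resource be a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def policy_for(actions, resource=TABLE_ARN):
    """Build a one-statement identity policy scoped to a single resource."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": actions, "Resource": resource}]}

def audit(policy, required=REQUIRED):
    """Report required actions not granted, grants beyond the requirement,
    and whether any Allow statement applies to every resource ("*")."""
    granted, broad = set(), False
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        granted.update(_as_list(stmt.get("Action")))
        broad = broad or "*" in _as_list(stmt.get("Resource"))
    wanted = {r.lower() for r in required}
    # IAM action names are case-insensitive and may contain * and ? wildcards.
    missing = sorted(r for r in required
                     if not any(fnmatchcase(r.lower(), g.lower()) for g in granted))
    excess = sorted(g for g in granted if g.lower() not in wanted)
    return {"missing": missing, "excess": excess, "broad_resource": broad}

if __name__ == "__main__":
    for label, actions in OPTIONS.items():
        print(label, audit(policy_for(actions)))
    # A wildcard grant covers every required action but fails least privilege.
    print("*", audit(policy_for("dynamodb:*", resource="*")))
```

Only option D reports nothing missing and nothing in excess; the wildcard policy also reports nothing missing, which is why the excess and resource checks are needed alongside it.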

Answer

The correct answer is: D