
S3 wants to send an event to a Lambda function. What policy should you use for this to be allowed?

Publish date: 2024/08/30 00:17:5.096412 UTC

Resource-based policy
IAM execution policy

Correct Answer

Resource-based policy

Explanation

  • Resource-Based Policy:
    This policy is attached directly to the Lambda function and grants permissions to specific AWS services (like S3) to invoke the function. This is the appropriate policy type for this use case because it explicitly allows S3 to trigger the Lambda function.

  • IAM Execution Role:
    The IAM execution role is used to grant permissions to the Lambda function itself to access other AWS services (like S3, DynamoDB, etc.) while it is running. However, this role does not control whether S3 can invoke the Lambda function.

 

Reference

AWS Skill Builder

