Note

The document discusses how to securely configure access to an Amazon S3 bucket for an AWS Lambda application that requires access to confidential objects. It presents four options for granting access, emphasizing the principle of least privilege. The most secure method is to create a Lambda function execution role and attach a policy that grants access to specific S3 objects.

Uploaded by

datnv291099

An application that runs on AWS Lambda requires access to specific highly
confidential objects in an Amazon S3 bucket. In accordance with the principle of
least privilege, a company grants access to the S3 bucket by using only temporary
credentials.

How can a developer configure access to the S3 bucket in the MOST secure way?

A. Hardcode the credentials that are required to access the S3 objects in the
application code. Use the credentials to access the required S3 objects.
B. Create a secret access key and access key ID with permission to access the S3
bucket. Store the key and key ID in AWS Secrets Manager. Configure the application
to retrieve the Secrets Manager secret and use the credentials to access the S3
objects.
C. Create a Lambda function execution role. Attach a policy to the role that grants
access to specific objects in the S3 bucket.
D. Create a secret access key and access key ID with permission to access the S3
bucket. Store the key and key ID as environment variables in Lambda. Use the
environment variables to access the required S3 objects.
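
What an execution role scoped to specific objects looks like, as an added example that is not part of the original document: it builds the role's trust policy and an object-level permission policy, then checks both against a bucket-wide grant for wildcards. The bucket name, object keys and function names are hypothetical placeholders.

```python
import json

# Hypothetical placeholders, not values from the original document.
BUCKET = "example-confidential-bucket"
OBJECT_KEYS = ["reports/2024-q1.pdf", "reports/2024-q2.pdf"]

def trust_policy():
    """Trust policy that lets the Lambda service assume the execution role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "lambda.amazonaws.com"},
        "Action": "sts:AssumeRole"}]}

def object_policy(bucket, keys):
    """Permission policy: s3:GetObject on the named objects only."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject"],
        "Resource": [f"arn:aws:s3:::{bucket}/{key}" for key in keys]}]}

# Constructed counter-example: every S3 action on every object in the bucket.
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": "s3:*",
    "Resource": f"arn:aws:s3:::{BUCKET}/*"}]}

def _as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]

def broad_grants(policy):
    """Return (action, resource) pairs in Allow statements that use wildcards."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            for resource in _as_list(stmt.get("Resource", [])):
                if any(ch in action + resource for ch in "*?"):
                    findings.append((action, resource))
    return findings

if __name__ == "__main__":
    print(json.dumps(trust_policy(), indent=2))
    print(json.dumps(object_policy(BUCKET, OBJECT_KEYS), indent=2))
    print("scoped policy findings:", broad_grants(object_policy(BUCKET, OBJECT_KEYS)))
    print("broad policy findings: ", broad_grants(BROAD_POLICY))
```

With this role attached, the function code creates its S3 client without supplying any keys; the Lambda runtime provides the role's temporary credentials.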
