ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Developer - Associate DVA-C02 All Questions

View all questions & answers for the AWS Certified Developer - Associate DVA-C02 exam
Go to Exam

Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 165 discussion

Exam question from Amazon's AWS Certified Developer - Associate DVA-C02
Question #: 165
Topic #: 1
[All AWS Certified Developer - Associate DVA-C02 Questions]

An application that runs on AWS Lambda requires access to specific highly confidential objects in an Amazon S3 bucket. In accordance with the principle of least privilege, a company grants access to the S3 bucket by using only temporary credentials.

How can a developer configure access to the S3 bucket in the MOST secure way?

  • A. Hardcode the credentials that are required to access the S3 objects in the application code. Use the credentials to access the required S3 objects.
  • B. Create a secret access key and access key ID with permission to access the S3 bucket. Store the key and key ID in AWS Secrets Manager. Configure the application to retrieve the Secrets Manager secret and use the credentials to access the S3 objects.
  • C. Create a Lambda function execution role. Attach a policy to the role that grants access to specific objects in the S3 bucket.
  • D. Create a secret access key and access key ID with permission to access the S3 bucket. Store the key and key ID as environment variables in Lambda. Use the environment variables to access the required S3 objects.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by fordiscussionstwo at Oct. 6, 2023, 2:15 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
dilleman
Highly Voted 1 year, 8 months ago
Selected Answer: C
C should be correct: https://docs.aws.amazon.com/lambda/latest/operatorguide/least-privilege.html
upvoted 12 times
...
Digo30sp
Highly Voted 1 year, 8 months ago
Selected Answer: B
The correct answer is (B). Option (B) is the most secure way to configure S3 bucket access because the credentials are stored in a safe and secure location. AWS Secrets Manager uses public key cryptography to protect stored secrets.
upvoted 6 times
dezoito
1 year, 8 months ago
B goes against the least privilege principle beacuse it gives access to the whole bucket
upvoted 6 times
aws_god
8 months ago
It states: "grants access to specific objects in the S3 bucket" so it will not give access to the whole bucket
upvoted 1 times
...
Melisa202401
1 year, 2 months ago
Store credentials in aws secret manager, it will be rotated => so it comply the least privilege principle!
upvoted 1 times
...
...
...
65703c1
Most Recent 1 year, 1 month ago
Selected Answer: C
C is the correct answer.
upvoted 1 times
...
SerialiDr
1 year, 5 months ago
Selected Answer: C
This is the most secure and recommended approach. By attaching an IAM policy to the Lambda execution role that grants access only to the specific S3 objects needed, you adhere to the principle of least privilege. This method also uses AWS's built-in mechanism for providing temporary credentials to the Lambda function, eliminating the need to manage access keys.
upvoted 2 times
...
LemonGremlin
1 year, 8 months ago
Selected Answer: C
C. Create a Lambda function execution role. Attach a policy to the role that grants access to specific objects in the S3 bucket.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel