ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Developer - Associate DVA-C02 All Questions

View all questions & answers for the AWS Certified Developer - Associate DVA-C02 exam
Go to Exam

Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 244 discussion

Exam question from Amazon's AWS Certified Developer - Associate DVA-C02
Question #: 244
Topic #: 1
[All AWS Certified Developer - Associate DVA-C02 Questions]

An AWS Lambda function is running in a company’s shared AWS account. The function needs to perform an additional ec2:DescribeInstances action that is directed at the company’s development accounts. A developer must configure the required permissions across the accounts.

How should the developer configure the permissions to adhere to the principle of least privilege?

  • A. Create an IAM role in the shared account. Add the ec2:DescribeInstances permission to the role. Establish a trust relationship between the development accounts for this role. Update the Lambda function IAM role in the shared account by adding the ec2:DescribeInstances permission to the role.
  • B. Create an IAM role in the development accounts. Add the ec2:DescribeInstances permission to the role. Establish a trust relationship with the shared account for this role. Update the Lambda function IAM role in the shared account by adding the iam:AssumeRole permissions.
  • C. Create an IAM role in the shared account. Add the ec2:DescribeInstances permission to the role. Establish a trust relationship between the development accounts for this role. Update the Lambda function IAM role in the shared account by adding the iam:AssumeRole permissions.
  • D. Create an IAM role in the development accounts. Add the ec2:DescribeInstances permission to the role. Establish a trust relationship with the shared account for this role. Update the Lambda function IAM role in the shared account by adding the ec2:DescribeInstances permission to the role.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by didorins at Oct. 28, 2023, 9:40 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
PrakashM14
Highly Voted 1 year, 1 month ago
Selected Answer: B
Create an IAM role in the development accounts. Add the ec2:DescribeInstances permission to the role. Establish a trust relationship with the shared account for this role. Update the Lambda function IAM role in the shared account by adding the iam:AssumeRole permissions.
upvoted 8 times
...
65703c1
Most Recent 7 months ago
Selected Answer: B
B is the correct answer.
upvoted 1 times
...
SerialiDr
11 months, 1 week ago
Selected Answer: B
Establish a trust relationship with the shared account for this role. Update the Lambda function IAM role in the shared account by adding the iam:AssumeRole permissions.
upvoted 2 times
...
Snape
11 months, 3 weeks ago
Selected Answer: B
Classic case of cross account access (CAA)
upvoted 1 times
...
Kowsik_shashi
1 year, 2 months ago
Selected Answer: C
By using iam:AssumeRole, AWS allows you to implement the principle of least privilege, which means entities have only the permissions they require to perform specific tasks and nothing more.
upvoted 2 times
...
lbaker12
1 year, 2 months ago
Selected Answer: A
iam:AssumeRole doesn't exist it is sts:AssumeRole & creating IAM roles within development accounts is unnecessary work
upvoted 1 times
...
Claire_KMT
1 year, 2 months ago
B. Create an IAM role in the development accounts. Add the ec2:DescribeInstances permission to the role. Establish a trust relationship with the shared account for this role. Update the Lambda function IAM role in the shared account by adding the iam:AssumeRole permissions.
upvoted 1 times
...
didorins
1 year, 2 months ago
B To enable cross account AWS service actions, create role with required permissions in account which holds the resource. Enable trust relationship with account that will access the resource. Allow accessing account to assume the role.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel