ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Data Engineer - Associate DEA-C01 All Questions

View all questions & answers for the AWS Certified Data Engineer - Associate DEA-C01 exam
Go to Exam

Exam AWS Certified Data Engineer - Associate DEA-C01 topic 1 question 105 discussion

Exam question from Amazon's AWS Certified Data Engineer - Associate DEA-C01
Question #: 105
Topic #: 1
[All AWS Certified Data Engineer - Associate DEA-C01 Questions]

A data engineer creates an AWS Lambda function that an Amazon EventBridge event will invoke. When the data engineer tries to invoke the Lambda function by using an EventBridge event, an AccessDeniedException message appears.

How should the data engineer resolve the exception?

  • A. Ensure that the trust policy of the Lambda function execution role allows EventBridge to assume the execution role.
  • B. Ensure that both the IAM role that EventBridge uses and the Lambda function's resource-based policy have the necessary permissions.
  • C. Ensure that the subnet where the Lambda function is deployed is configured to be a private subnet.
  • D. Ensure that EventBridge schemas are valid and that the event mapping configuration is correct.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by tgv at June 15, 2024, 11:06 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
artworkad
Highly Voted 1 year, 2 months ago
Selected Answer: B
The lambda resource based policy must allow the events principle to invoke the lambda function. https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-run-lambda-schedule.html#eb-schedule-create-rule and https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-run-lambda-schedule.html#eb-schedule-create-rule Amazon SQS, Amazon SNS, Lambda, CloudWatch Logs, and EventBridge bus targets do not use roles, and permissions to EventBridge must be granted via a resource policy.
upvoted 5 times
...
Shanmahi
Most Recent 1 year ago
Selected Answer: B
Option B
upvoted 2 times
...
HunkyBunky
1 year, 1 month ago
Selected Answer: B
Only B - makes sense
upvoted 3 times
...
rpwags
1 year, 1 month ago
Selected Answer: B
"B" is corect because the only way to resolve the AccessDeniedException message is to make sure both the IAM role for EventBridge and the Lambda function's resource-based policy have the necessary permissions.
upvoted 3 times
...
GHill1982
1 year, 2 months ago
Selected Answer: A
The trust policy is what grants an AWS service permission to use the role on behalf of the user. Without this trust relationship, EventBridge won’t have the necessary permissions to invoke the Lambda function.
upvoted 2 times
didorins
1 year, 1 month ago
Bro you don't assume the execution role. That's for Lambda to do its thing. EventBridge is just the trigger.
upvoted 4 times
...
...
tgv
1 year, 2 months ago
Selected Answer: B
IAM Role for EventBridge: EventBridge needs permission to invoke the Lambda function. Lambda Resource-Based Policy: The Lambda function must have a resource-based policy that allows EventBridge to invoke it.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel