Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 228 discussion

A DevOps team has created a Custom Lambda rule in AWS Config. The rule monitors Amazon Elastic Container Repository (Amazon ECR) policy statements for ecr:* actions. When a noncompliant repository is detected, Amazon EventBridge uses Amazon Simple Notification Service (Amazon SNS) to route the notification to a security team.

When the custom AWS Config rule is evaluated, the AWS Lambda function fails to run.

Which solution will resolve the issue?

  • A. Modify the Lambda function's resource policy to grant AWS Config permission to invoke the function.
  • B. Modify the SNS topic policy to include configuration changes for EventBridge to publish to the SNS topic.
  • C. Modify the Lambda function's execution role to include configuration changes for custom AWS Config rules.
  • D. Modify all the ECR repository policies to grant AWS Config access to the necessary ECR API actions.

Suggested Answer: A

Comments

youonebe
6 months ago
Selected Answer: A
Bad wording: "fails to run" sounds like "fails to execute", when here it actually means "failed to invoke".
upvoted 1 times
...
ThiagoCruzRJ
10 months ago
Selected Answer: A
When you create a custom AWS Config rule that uses a Lambda function, AWS Config needs permission to invoke it. This is done by adding a resource-based policy to the Lambda function that explicitly permits AWS Config to invoke it. Without this permission, AWS Config cannot trigger the Lambda function, leading to the function failing to run.
upvoted 2 times
...
jamesf
11 months ago
Selected Answer: A
Option A is the best choice to resolve the issue. By modifying the Lambda function's resource policy to grant AWS Config permission to invoke the function, we address the root cause of the invocation failure. This ensures that AWS Config can successfully execute the custom rule using the Lambda function.
upvoted 1 times
...
d9iceguy
11 months, 1 week ago
Selected Answer: A
Resource policy should allow Config invocation
upvoted 2 times
...
amehim
11 months, 1 week ago
A. Modify the Lambda function's resource policy to grant AWS Config permission to invoke the function.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": { "Service": "config.amazonaws.com" },
          "Action": "lambda:InvokeFunction",
          "Resource": "arn:aws:lambda:region:account-id:function:function-name"
        }
      ]
    }
upvoted 2 times
...
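A check for the permission discussed in the answers above, as an added example that is not part of any comment or of AWS tooling: it classifies a Lambda resource policy as granting AWS Config no invoke access, access open to any account's Config service, or access pinned to one account with an `AWS:SourceAccount` condition. The function name, sample ARN and account ID are constructed placeholders, and Deny statements are not evaluated (a stated simplification).

```python
import json
from fnmatch import fnmatchcase

CONFIG_PRINCIPAL = "config.amazonaws.com"

def _as_list(value):
    # IAM policy fields may hold one string or a list of strings.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def config_invoke_status(policy_json, account_id):
    """Return "missing", "unscoped" or "scoped" for AWS Config's invoke access.

    policy_json: the function's resource policy as a JSON string ("" or None if none).
    Simplification (assumption): Deny statements are not evaluated.
    """
    policy = json.loads(policy_json) if policy_json else {}
    status = "missing"
    for stmt in _as_list(policy.get("Statement")):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if (stmt.get("Effect") != "Allow" or CONFIG_PRINCIPAL not in services
                or not any(fnmatchcase("lambda:invokefunction", a) for a in actions)):
            continue
        # Grant found; check it is pinned to our account (confused-deputy guard).
        scoped = any(
            account_id in _as_list(value)
            for op, keys in stmt.get("Condition", {}).items() if op == "StringEquals"
            for key, value in keys.items() if key.lower() == "aws:sourceaccount"
        )
        if scoped:
            return "scoped"
        status = "unscoped"
    return status

# Constructed sample policies (placeholder account id and ARN).
ARN = "arn:aws:lambda:us-east-1:123456789012:function:ecr-policy-rule"
BASE = {"Effect": "Allow", "Principal": {"Service": CONFIG_PRINCIPAL},
        "Action": "lambda:InvokeFunction", "Resource": ARN}
UNSCOPED = json.dumps({"Version": "2012-10-17", "Statement": [BASE]})
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [
    dict(BASE, Condition={"StringEquals": {"AWS:SourceAccount": "123456789012"}})]})
OTHER = json.dumps({"Version": "2012-10-17", "Statement": [
    dict(BASE, Principal={"Service": "events.amazonaws.com"})]})

if __name__ == "__main__":
    for name, doc in [("none", ""), ("other", OTHER), ("unscoped", UNSCOPED), ("scoped", SCOPED)]:
        print(name, "->", config_invoke_status(doc, "123456789012"))
```

A result of "missing" matches the failure in the question; "unscoped" means the rule works but the grant is not restricted to the owning account.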
tgv
11 months, 2 weeks ago
---> A
upvoted 4 times
...