A developer has code stored in an Amazon S3 bucket. The code must be deployed as an AWS Lambda function across multiple accounts in the same Region as the S3 bucket. The Lambda function will be deployed using an AWS CloudFormation template that is run for each account. What is the MOST secure approach to allow access to the Lambda code in the S3 bucket?
A) Grant the CloudFormation execution role S3 list and get permissions. Add a bucket policy to Amazon S3 with the Principal of "AWS": [account numbers].
B) Grant the CloudFormation execution role S3 get permissions. Add a bucket policy to Amazon S3 with the Principal of "*".
C) Use a service-based link to grant the Lambda function S3 list and get permissions by explicitly adding the S3 bucket's account number in the resource.
D) Use a service-based link to grant the Lambda function S3 get permissions and add a Resource of "*" to allow access to the S3 bucket.

Question

Quizplus · Accepted Answer

The Answer of A developer has code stored in an Amazon S3 bucket. The code must be deployed as an AWS Lambda function across multiple accounts in the same Region as the S3 bucket. The Lambda function will be deployed using an AWS CloudFormation template that is run for each account. What is the MOST secure approach to allow access to the Lambda code in the S3 bucket?
A) Grant the CloudFormation execution role S3 list and get permissions. Add a bucket policy to Amazon S3 with the Principal of "AWS": [account numbers].
B) Grant the CloudFormation execution role S3 get permissions. Add a bucket policy to Amazon S3 with the Principal of "*".
C) Use a service-based link to grant the Lambda function S3 list and get permissions by explicitly adding the S3 bucket's account number in the resource.
D) Use a service-based link to grant the Lambda function S3 get permissions and add a Resource of "*" to allow access to the S3 bucket.

A Developer Has Code Stored in an Amazon S3 Bucket