Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon DOP-C02 Exam - Topic 5 Question 35 Discussion

A DevOps learn has created a Custom Lambda rule in AWS Config. The rule monitors Amazon Elastic Container Repository (Amazon ECR) policy statements for ecr:' actions. When a noncompliant repository is detected, Amazon EventBridge uses Amazon Simple Notification Service (Amazon SNS) to route the notification to a security team.When the custom AWS Config rule is evaluated, the AWS Lambda function fails to run.Which solution will resolve the issue?
A) Modify the Lambda function's resource policy to grant AWS Config permission to invoke the function.
B) Modify the SNS topic policy to include configuration changes for EventBridge to publish to the SNS topic.
C) Modify the Lambda function's execution role to include configuration changes for custom AWS Config rules.
D) Modify all the ECR repository policies to grant AWS Config access to the necessary ECR API actions. Step 1: Understanding Lambda Permissions and AWS Config The custom AWS Config rule evaluates resources and invokes an AWS Lambda function when a compliance check is triggered. For AWS Config to invoke the Lambda function, it requires permission to do so. Issue: The Lambda function fails to execute because AWS Config doesn't have permission to invoke it. Action: Modify the resource-based policy of the Lambda function to grant AWS Config permission to invoke the Lambda function. Why: Without this permission, AWS Config cannot trigger the Lambda function, which is why the evaluation fails.

Amazon DOP-C02 Exam - Topic 5 Question 35 Discussion

Actual exam question for Amazon's DOP-C02 exam
Question #: 35
Topic #: 5
[All DOP-C02 Questions]

A DevOps learn has created a Custom Lambda rule in AWS Config. The rule monitors Amazon Elastic Container Repository (Amazon ECR) policy statements for ecr:' actions. When a noncompliant repository is detected, Amazon EventBridge uses Amazon Simple Notification Service (Amazon SNS) to route the notification to a security team.

When the custom AWS Config rule is evaluated, the AWS Lambda function fails to run.

Which solution will resolve the issue?

Show Suggested Answer Hide Answer
Suggested Answer: A

This corresponds to Option A: Modify the Lambda function's resource policy to grant AWS Config permission to invoke the function.

by Marge at Sep 19, 2024, 01:07 AM

Limited Time Offer

25%

Off

Get Premium DOP-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Donette
6 months ago
C seems off; it's all about the Lambda's resource policy, not the execution role.
upvoted 0 times
...
Lauran
6 months ago
Wait, so AWS Config can't trigger the Lambda without permission? That's surprising!
upvoted 0 times
...
Selene
7 months ago
I thought modifying the SNS topic policy would help, but I guess not?
upvoted 0 times
...
Anika
7 months ago
Definitely A! AWS Config needs that permission to invoke it.
upvoted 0 times
...
Terina
7 months ago
Sounds like a permissions issue with the Lambda function.
upvoted 0 times
...
Shaunna
7 months ago
I’m a bit confused about the execution role. Could modifying the Lambda function's execution role actually resolve the invocation issue?
upvoted 0 times
...
Nikita
7 months ago
This reminds me of a practice question where we had to adjust permissions for Lambda. I think option A makes the most sense here.
upvoted 0 times
...
Georgeanna
8 months ago
I'm not entirely sure, but I feel like modifying the SNS topic policy might not be the right approach since the Lambda function is the one failing to run.
upvoted 0 times
...
Gail
8 months ago
I remember studying Lambda permissions, and I think the issue is likely that AWS Config needs permission to invoke the Lambda function.
upvoted 0 times
...
Rose
8 months ago
I think the solution here is to modify the ECR repository policies to give AWS Config the necessary permissions to access the ECR API actions. That way, the custom rule can properly monitor the ECR policy statements.
upvoted 0 times
...
Nu
8 months ago
Okay, got it. The key is to modify the Lambda function's resource policy to grant AWS Config the permission to invoke it. That should resolve the issue and allow the custom rule to work as expected.
upvoted 0 times
...
Louvenia
8 months ago
Hmm, I'm a bit confused here. Is the problem with the SNS topic policy or the Lambda function's execution role? I'll need to review the details more carefully to figure out the right solution.
upvoted 0 times
...
Vi
8 months ago
This seems like a straightforward permissions issue. I'd start by checking the Lambda function's resource policy to make sure AWS Config has the necessary permissions to invoke it.
upvoted 0 times
...
Lottie
8 months ago
This is a good test of our understanding of disaster recovery scenarios. I'm pretty confident the correct answers are B and D - the processes would resume with the next available queue item, and the queue item being worked on would need to be manually marked as an exception.
upvoted 0 times
...
Ariel
2 years ago
Hold up, what if the Lambda function is also responsible for publishing to the SNS topic? Then B might be the solution. Gotta love these tricky AWS exam questions!
upvoted 0 times
...
Tenesha
2 years ago
Haha, I bet the person who wrote this question was just trying to trick us. A is the clear winner here, no need to overcomplicate things.
upvoted 0 times
Shay
2 years ago
C) Modify the Lambda function's execution role to include configuration changes for custom AWS Config rules.
upvoted 0 times
...
Garry
2 years ago
B) Modify the SNS topic policy to include configuration changes for EventBridge to publish to the SNS topic.
upvoted 0 times
...
Holley
2 years ago
Definitely, no need to overthink it. A is the clear winner.
upvoted 0 times
...
Nan
2 years ago
A) Modify the Lambda function's resource policy to grant AWS Config permission to invoke the function.
upvoted 0 times
...
Lonny
2 years ago
I agree, A is the best solution. Simple and straightforward.
upvoted 0 times
...
Mee
2 years ago
A) Modify the Lambda function's resource policy to grant AWS Config permission to invoke the function.
upvoted 0 times
...
...
Marquetta
2 years ago
I also think modifying the Lambda function's resource policy is the correct solution. It makes sense to grant AWS Config permission to invoke the function.
upvoted 0 times
...
Helaine
2 years ago
I agree with Levi. Without the permission, AWS Config cannot trigger the Lambda function, causing the evaluation to fail.
upvoted 0 times
...
Wai
2 years ago
Hmm, I'm not sure. Wouldn't D also work? Giving AWS Config access to the ECR API actions might be another way to resolve the problem.
upvoted 0 times
...
Levi
2 years ago
I think the solution is to modify the Lambda function's resource policy to grant AWS Config permission to invoke the function.
upvoted 0 times
...
Avery
2 years ago
I think C is the way to go. Modifying the Lambda function's execution role to include the necessary permissions for the custom Config rule should do the trick.
upvoted 0 times
Jess
2 years ago
D: I agree. Without the necessary permissions, the Lambda function won't be able to run when triggered by AWS Config.
upvoted 0 times
...
Sabra
2 years ago
C: A sounds like the correct solution. Granting AWS Config permission to invoke the function is crucial for it to work properly.
upvoted 0 times
...
Fausto
2 years ago
B: That makes sense. It's important to ensure that AWS Config has the permission to invoke the Lambda function.
upvoted 0 times
...
Leah
2 years ago
A: I think C is the way to go. Modifying the Lambda function's execution role to include the necessary permissions for the custom Config rule should do the trick.
upvoted 0 times
...
...
India
2 years ago
The solution is definitely A. AWS Config needs permission to invoke the Lambda function, and that's what the resource policy is for. Anything else won't fix the issue.
upvoted 0 times
Kent
2 years ago
C: Definitely, without granting permission, AWS Config can't trigger the Lambda function.
upvoted 0 times
...
Socorro
2 years ago
B: Yeah, modifying the Lambda function's resource policy is the way to go.
upvoted 0 times
...
Dyan
2 years ago
A: I think the solution is A. AWS Config needs permission to invoke the Lambda function.
upvoted 0 times
...
...

Save Cancel