Amazon Exam DVA-C02 Topic 6 Question 29 Discussion

Actual exam question for Amazon's DVA-C02 exam

Question #: 29
Topic #: 6

An application that runs on AWS Lambda requires access to specific highly confidential objects in an Amazon S3 bucket. In accordance with the principle of least privilege a company grants access to the S3 bucket by using only temporary credentials.

How can a developer configure access to the S3 bucket in the MOST secure way?

AHardcode the credentials that are required to access the S3 objects in the application code. Use the credentials to access me required S3 objects.

BCreate a secret access key and access key ID with permission to access the S3 bucket. Store the key and key ID in AWS Secrets Manager. Configure the application to retrieve the Secrets Manager secret and use the credentials to access me S3 objects.

CCreate a Lambda function execution role Attach a policy to the rote that grants access to specific objects in the S3 bucket.

DCreate a secret access key and access key ID with permission to access the S3 bucket Store the key and key ID as environment variables m Lambda. Use the environment variables to access the required S3 objects.

Show Suggested Answer

Suggested Answer: A

Amazon Cognito User Pools:A managed user directory service, simplifying user registration and login.

Social Identity Providers:Cognito supports integration with external providers (e.g., Google, Facebook), reducing development effort.

IAM Roles for Authorization:Cognito-managed IAM roles grant fine-grained access to AWS resources (like Lambda functions).

Operational Overhead:Cognito minimizes the need to manage user identities and credentials independently.

Amazon Cognito Documentationhttps://docs.aws.amazon.com/cognito/

Cognito User Pools for Web Applications:https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-integration.html

by Yvette at Jun 23, 2024, 10:01 PM

Limited Time Offer

25%

Off

Get Premium DVA-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Lamar

15 days ago

I'm not a fan of hardcoding credentials in the application code (Option A). That's a big security risk. Option B and D seem better, but I think Option C is the most secure and recommended approach.

upvoted 0 times

...

Ailene

20 days ago

Option C looks like the most secure way to grant access to the S3 bucket. Using a Lambda function execution role with a policy that grants access to specific objects is the best approach to follow the principle of least privilege.

upvoted 0 times

Haydee

5 days ago

B) Create a secret access key and access key ID with permission to access the S3 bucket. Store the key and key ID in AWS Secrets Manager. Configure the application to retrieve the Secrets Manager secret and use the credentials to access the S3 objects.

upvoted 0 times

...