Question 123 of 310 from exam SCS-C01: AWS Certified Security - Specialty

Question

A company has set up the following structure to ensure that their S3 buckets always have logging enabled. If there are any changes to the configuration of an S3 bucket, an AWS Config rule is checked.

If logging is disabled, a Lambda function is invoked.

This Lambda function re-enables logging on the S3 bucket. However, an issue is being encountered with the entire flow.

You have verified that the Lambda function has been invoked.

But when logging is disabled for the bucket, the Lambda function does not enable it again.

Which of the following could be an issue?

Answers

Explanations

A. B. C. D.

Answer - B.

The most probable cause is that the Lambda function does not have the appropriate permissions on the S3 bucket to make the relevant changes.

Option A is incorrect because the AWS Config rule must be set up properly, given that the Lambda function has been triggered.

Option B is CORRECT because the Lambda function may not have enough permissions to enable the S3 logging.

Option C is incorrect because the language of the Lambda function does not influence the result in this scenario.

Option D is incorrect because the AWS Config rule can trigger the Lambda function.

There is no need to use an API gateway in this case.

For more information on accessing resources from a Lambda function, please refer to the following URL:

https://docs.aws.amazon.com/lambda/latest/dg/accessing-resources.html
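
To make the permissions point concrete, the following added example (not part of the original question or of AWS's code) checks whether a Lambda execution role's identity policy grants `s3:PutBucketLogging`, the permission needed to turn bucket logging back on. The policies and bucket ARN are constructed samples, `logging_permission` is a hypothetical helper, and the check is simplified: it ignores `Condition`, `NotAction`, `NotResource`, permission boundaries and SCPs.

```python
import fnmatch

REQUIRED_ACTION = "s3:PutBucketLogging"  # permission needed to re-enable logging

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value, ignore_case=False):
    # IAM wildcards (* and ?) behave like shell globs; action names ignore case.
    if ignore_case:
        value = value.lower()
    for pattern in _as_list(patterns):
        if ignore_case:
            pattern = pattern.lower()
        if fnmatch.fnmatchcase(value, pattern):
            return True
    return False

def logging_permission(policy, bucket_arn):
    """Return 'allow', 'explicit-deny' or 'implicit-deny' for REQUIRED_ACTION."""
    allowed = False
    for stmt in _as_list(policy.get("Statement", [])):
        if "Action" not in stmt or "Resource" not in stmt:
            continue  # NotAction / NotResource are outside this simplified check
        if not _matches(stmt["Action"], REQUIRED_ACTION, ignore_case=True):
            continue
        if not _matches(stmt["Resource"], bucket_arn):
            continue
        if stmt.get("Effect") == "Deny":
            return "explicit-deny"  # a Deny always overrides any Allow
        if stmt.get("Effect") == "Allow":
            allowed = True
    return "allow" if allowed else "implicit-deny"

# Constructed sample data, not taken from the page.
BUCKET_ARN = "arn:aws:s3:::example-audited-bucket"
# Role that can write its own logs and read the logging state, but not change it.
ROLE_BROKEN = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["logs:CreateLogStream", "logs:PutLogEvents"], "Resource": "*"},
    {"Effect": "Allow", "Action": "s3:GetBucketLogging", "Resource": "arn:aws:s3:::*"}]}
# Same role with the missing write permission added.
ROLE_FIXED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetBucketLogging", "s3:PutBucketLogging"],
     "Resource": "arn:aws:s3:::example-*"}]}
# Broad Allow cancelled by an explicit Deny on the bucket.
ROLE_DENIED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:Put*", "Resource": BUCKET_ARN}]}

if __name__ == "__main__":
    for name, pol in [("broken", ROLE_BROKEN), ("fixed", ROLE_FIXED), ("denied", ROLE_DENIED)]:
        print(name, logging_permission(pol, BUCKET_ARN))
```

The first role matches the scenario in the question: the function is invoked and runs, but its call to re-enable logging is rejected because nothing in the role allows the write action.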