Free AWS Certified Developer Associate DVA-C02 Practice Question
A company has developed a new web application deployed on AWS, which includes a set of Lambda functions that interface with DynamoDB tables. The development team wants to ensure that each function has only the permissions necessary to perform its intended tasks with the DynamoDB tables. Which of the following is the BEST approach to manage access control efficiently and securely?
Group Lambda functions by the type of responsibility they have and assign the same IAM role to functions within the same group to simplify management.
Create an individual IAM role for each Lambda function corresponding to the specific operations it needs to perform on the DynamoDB tables, and assign the roles to their respective functions.
Avoid using IAM roles and instead embed the necessary access keys directly within the Lambda function's code to ensure they have sufficient permissions.
Assign all Lambda functions to a single general IAM role that grants full access to all DynamoDB operations to ensure there are no permission-related errors.
