Home › AWS Developer Associate › cloudcomputing › awsdevelopment › Which AWS feature lets developers attach short-l…
Which AWS feature lets developers attach short-lived AWS credentials to a Lambda function (or any compute resource) so it can call other AWS APIs without storing static keys?
AAn IAM execution role attached to the function, which AWS swaps in via STS
BA public S3 bucket containing the credentials in plain text
CA hard-coded access key embedded in the deployment package
DAn access key emailed to every developer for shared use
Answer & Solution
Correct answer: A. An IAM execution role attached to the function, which AWS swaps in via STS
Execution roles deliver STS-issued short-lived credentials at runtime via Lambda's runtime; no static keys to leak. The other options leak credentials and violate least-privilege.
Related questions
A Lambda function reads from a Kinesis Data Stream. Throughput is fine on average but spikAn API Gateway REST API in front of Lambda needs to authenticate requests using a Cognito Which strategy allows a Lambda function inside a VPC to access the internet (e.g., to callA serverless app needs to fan out a single event to multiple downstream Lambda functions, A Lambda function processes a large file from S3. Cold starts are unacceptably long on JavWhat does it mean for an API endpoint to be IDEMPOTENT?A Lambda function is processing messages from an SQS queue. Some messages fail repeatedly.Which Lambda configuration setting most directly affects the function's CPU and network pe