Practice free →
HomeAWS Developer Associatecloudcomputingawsdevsecurity › Which mechanism lets a Lambda function call S3, …

Which mechanism lets a Lambda function call S3, DynamoDB, etc. WITHOUT storing long-lived credentials in the code or environment?

AAn IAM user's access key shared with all team members
BStatic credentials stored in a public S3 bucket
CThe Lambda execution role (AWS injects short-lived STS credentials at runtime)
DHard-coded access keys in the function's source code
Answer & Solution
Correct answer: C. The Lambda execution role (AWS injects short-lived STS credentials at runtime)
Execution roles deliver short-lived STS credentials via Lambda's environment — no static keys. The other options leak credentials.
Solve this in the app — AWS Developer Associate practice & 24k+ MCQs →
Related questions