A data engineer creates an AWS Lambda function that an Amazon EventBridge event will invoke. When the data engineer tries to invoke the Lambda function by using an EventBridge event, an AccessDeniedException message appears.
How should the data engineer resolve the exception?
When a Lambda function is triggered by an Amazon EventBridge event, the trust policy of the Lambda function's execution role must specify EventBridge as a trusted entity. This trust relationship allows EventBridge to assume the execution role and invoke the Lambda function. Ensuring that the trust policy is correctly configured will resolve the AccessDeniedException message.
The lambda resource based policy must allow the events principle to invoke the lambda function. https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-run-lambda-schedule.html#eb-schedule-create-rule and https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-run-lambda-schedule.html#eb-schedule-create-rule Amazon SQS, Amazon SNS, Lambda, CloudWatch Logs, and EventBridge bus targets do not use roles, and permissions to EventBridge must be granted via a resource policy.
IAM Role for EventBridge: EventBridge needs permission to invoke the Lambda function. Lambda Resource-Based Policy: The Lambda function must have a resource-based policy that allows EventBridge to invoke it.
The trust policy is what grants an AWS service permission to use the role on behalf of the user. Without this trust relationship, EventBridge won’t have the necessary permissions to invoke the Lambda function.
Bro you don't assume the execution role. That's for Lambda to do its thing. EventBridge is just the trigger.
"B" is corect because the only way to resolve the AccessDeniedException message is to make sure both the IAM role for EventBridge and the Lambda function's resource-based policy have the necessary permissions.
Only B - makes sense