Exam4Training

How should the security engineer correct the error?

A security engineer logs in to the AWS Lambda console with administrator permissions. The security engineer is trying to view logs in Amazon CloudWatch for a Lambda function that is named my Function.

When the security engineer chooses the option in the Lambda console to view logs in CloudWatch, an “error loading Log Streams" message appears.

The IAM policy for the Lambda function’s execution role contains the following:

How should the security engineer correct the error?
A . Move the logs:CreateLogGroup action to the second Allow statement.
B . Add the logs:PutDestination action to the second Allow statement.
C . Add the logs:GetLogEvents action to the second Allow statement.
D . Add the logs:CreateLogStream action to the second Allow statement.

Answer: D

Explanation:

CloudWatchLogsReadOnlyAccess doesn’t include "logs:CreateLogStream" but it includes "logs:Get*" https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-identity-based-access-control-cwl.html#:~:tex

Latest SCS-C02 Dumps Valid Version with 235 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Exit mobile version