A developer creates an AWS Lambda function to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. All message content must be encrypted in transit and at rest between Lambda and Amazon SNS. A part of the Lambda execution role is as follows: Which combination of steps should the developer take to meet these requirements? (Choose two.)

Topic #: - All AWS Certified Developer Associate Questions

A. Enable server-side encryption on the SNS topic.
B. Add a Deny statement to the Lambda execution role. Specify the SNS topic ARN as the resource. Specify “aws:SecureTransport”: “trueג€ as the condition.
C. Create a VPC endpoint for Amazon SNS.
D. Add a StringEquals condition of “sns:Protocol”: “https” to the Lambda execution role.
E. Add a Deny statement to the Lambda execution role. Specify the SNS topic ARN as the resource. Specify “aws:SecureTransport”: “false” as the condition.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Share this post

Join the Discussion