You are a developer at a company that has built a serverless application that allows users to make payments online. The applications consist of several Lambda functions and a DynamoDB table. This is implemented using a SAM template. However, when users want to see their transactions and update their payment information, they cannot do so. After debugging, you discover that the Lambda functions don’t have permissions to access records from the DynamoDB table. How will you resolve this issue using more tighter and secure AWS Managed Policy?

Answer options:

A.Create an IAM role using AWS Managed Policy AmazonDynamoDBFullAccess and attach to Lambda functions.
B.Use AmazonDynamoDBFullAccess policy template in the SAM template.
C.Use DynamoDBCrudPolicy policy template in the SAM template.
D.Create an IAM role using AWS Managed Policy AmazonDynamoDBReadOnlyAccess and attach to Lambda functions.

Answer: C
Option A is incorrect as providing full access to DynamoDB defeats AWS best practice of least privilege. There is no need to give access to all DynamoDB table APIs across all regions. The requirement is to read and update a table. Further setting up an IAM role will require a special acknowledgment to deploy the application which is not very efficient for maintainability of the application.
Option B is incorrect as providing full access to DynamoDB defeats AWS best practice of least privilege. There is no need to give access to all DynamoDB table APIs across all regions. The requirement is to read and update a table. 
Option C is CORRECT as DynamoDBCrudPolicy will give, create, read, update and delete permissions to a DynamoDB table which is tighter and more secure inline with the best practice of least privilege. It is also managed by AWS which would make it AWS`s responsibility to maintain the policy.
Option D is incorrect as providing read-only access to DynamoDB doesn’t meet the requirement is to read and update a table. Further setting up an IAM role will require a special acknowledgment to deploy the application which is not very efficient for maintainability of the application.
Reference:
https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-policy-templates.html