You are creating a Lambda function that will be triggered by a CloudWatch Event. The data from these events need to be stored in a DynamoDB table. How should the Lambda function be given access to the DynamoDB table?

Answer options:

A.Put the AWS Access keys in the Lambda function since the Lambda function by default is secure.
B.Use an IAM role that has permissions to the DynamoDB table and attach it to the Lambda function.
C.Use the AWS Access keys which have access to DynamoDB and then place it in an S3 bucket.
D.Create a VPC endpoint for the DynamoDB table. Access the VPC endpoint from the Lambda function.

Answer: B
Options A is incorrect because to provide access to AWS services always go with IAM roles and not the access keys.
Option B is CORRECT because AWS Lambda functions use roles to interact with other AWS services. So an IAM role that has permissions to the DynamoDB table should be attached to the Lambda function.
Options C is incorrect because to provide access to AWS services, always go with IAM roles and not the access keys.
Option D is incorrect because the VPC endpoint is used to connect AWS services within the AWS network. This does not help to resolve the permission issue of Lambda.
For more information on Lambda, kindly refer to the following URL:
https://docs.aws.amazon.com/lambda/latest/dg/intro-permission-model.html