Requirement Summary:
Lambda function:
Retrieves an item fromDynamoDB
Updates its attributesor creates it if it does not exist
Hasprimary key
Needsminimum required IAM permissions
Analysis of Required Permissions:
Toget an itemandupdate it or create it if it doesn't exist, the Lambda function must use the **PutItem** or **UpdateItem** API, and read with **GetItem**.
✅Valid API options:
GetItem: Read the item from the table.
UpdateItem: Update existing item attributes or insert if it doesn't exist (withUpdateExpressionandConditionExpression).
When UpdateItem is used without a conditional check for existence, it cancreatea new item if it does not exist (acts like upsert).
DescribeTable: (Optional) Used if you need table metadata (not strictly required here).
Evaluate the Choices:
Option A:
✅Close, but PutItemoverwrites the full item, not update-in-place. Acceptable, butUpdateItemis better suited.
Option B:
UpdateItem –✅Required to modify attributes or insert new item
GetItem –✅Required to check existence or read data
DescribeTable –✅Optional, but not harmful
✅✅BEST FIT – Matches theupdate-or-createlogic.
Option C:
GetRecords –❌This is used forDynamoDB Streams, not standard GetItem
PutItem –✅
UpdateTable –❌Used to change table settings,not data manipulation
❌Incorrect usage context
Option D:
UpdateItem, GetItem, PutItem –✅all valid
But UpdateItem alone is sufficient; including PutItem might not be necessary Also, image is faded (possibly invalid), and it's redundant
UpdateItem API:https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_UpdateItem.html
PutItem vs UpdateItem:https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/WorkingWithItems.html
IAM actions for DynamoDB:https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazondynamodb.html
