A company has an application that calls AWS Lambda functions. A recent code review found database credentials stored in the source code. The database credentials need to be removed from the Lambda source code. The credentials must then be securely stored and rotated on an ongoing basis to meet security policy requirements. What should a solutions architect recommend to meet these requirements?
A) Store the password in AWS CloudHSM. Associate the Lambda function with a role that can retrieve the password from CloudHSM given its key ID.
B) Store the password in AWS Secrets Manager. Associate the Lambda function with a role that can retrieve the password from Secrets Manager given its secret ID.
C) Move the database password to an environment variable associated with the Lambda function. Retrieve the password from the environment variable upon execution.
D) Store the password in AWS Key Management Service (AWS KMS) . Associate the Lambda function with a role that can retrieve the password from AWS KMS given its key ID.
Correct Answer:
Verified
Q46: An application runs on Amazon EC2 instances
Q47: A company's web application is running on
Q48: A company has 150 TB of archived
Q49: A Solutions Architect must design a web
Q50: A company's operations team has an existing
Q52: A company runs multiple Amazon EC2 Linux
Q53: A healthcare company stores highly sensitive patient
Q54: A public-facing web application queries a database
Q55: A solutions architect needs to design a
Q56: An application requires a development environment (DEV)
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents