A company has an application that calls AWS Lambda functions. A code review shows that database credentials are stored in a Lambda function's source code, which violates the company's security policy. The credentials must be securely stored and must be automatically rotated on an ongoing basis to meet security policy requirements. What should a solutions architect recommend to meet these requirements in the MOST secure manner?
A) Store the password in AWS CloudHSM. Associate the Lambda function with a role that can use the key ID to retrieve the password from CloudHSM. Use CloudHSM to automatically rotate the password.
B) Store the password in AWS Secrets Manager. Associate the Lambda function with a role that can use the secret ID to retrieve the password from Secrets Manager. Use Secrets Manager to automatically rotate the password.
C) Store the password in AWS Key Management Service (AWS KMS) . Associate the Lambda function with a role that can use the key ID to retrieve the password from AWS KMS. Use AWS KMS to automatically rotate the uploaded password.
D) Move the database password to an environment variable that is associated with the Lambda function. Retrieve the password from the environment variable by invoking the function. Create a deployment script to automatically rotate the password.
Correct Answer:
Verified
Q535: A solutions architect is designing storage for
Q536: A company recently launched a new service
Q537: A media company is using two video
Q538: A company is migrating to the AWS
Q539: A company is designing a new web
Q541: An online gaming company is designing a
Q542: A company is hosting a web application
Q543: A company runs an application in the
Q544: A company has a custom application running
Q545: A company is building its web application
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents