During a security audit of a Service team's application, a Solutions Architect discovers that a username and password for an Amazon RDS database and a set of AWS IAM user credentials can be viewed in the AWS Lambda function code. The Lambda function uses the username and password to run queries on the database, and it uses the IAM credentials to call AWS services in a separate management account. The Solutions Architect is concerned that the credentials could grant inappropriate access to anyone who can view the Lambda code. The management account and the Service team's account are in separate AWS Organizations organizational units (OUs). Which combination of changes should the Solutions Architect make to improve the solution's security? (Choose two.)
A) Configure Lambda to assume a role in the management account with appropriate access to AWS.
B) Configure Lambda to use the stored database credentials in AWS Secrets Manager and enable automatic rotation.
C) Create a Lambda function to rotate the credentials every hour by deploying a new Lambda version with the updated credentials.
D) Use an SCP on the management account's OU to prevent IAM users from accessing resources in the Service team's account.
E) Enable AWS Shield Advanced on the management account to shield sensitive resources from unauthorized IAM access.
Correct Answer:
Verified