Answer-first summary for fast verification
Answer: Utilizing environment variables linked to AWS Secrets Manager secrets with automatic rotation enabled.
Option C is the correct answer. AWS Secrets Manager is specifically designed to securely store and automatically rotate secrets such as database credentials. This ensures that the credentials are handled securely and meet the company's policy for automatic rotation. Additionally, AWS CodeBuild natively supports retrieving secrets from Secrets Manager, making this option both secure and straightforward to implement. The other options either involve less secure methods (hardcoding or plaintext) or require manual rotation or additional configurations.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
In a deployment pipeline with an AWS CodeBuild stage requiring database access for integration tests, which method ensures the most secure handling of database credentials, given a company policy for automatic credential rotation?
A
Hardcoding credentials in the buildspec.yml file and using an AWS Lambda function for credential rotation.
B
Using environment variables linked to AWS Systems Manager Parameter Store SecureString parameters with automatic rotation configured.
C
Utilizing environment variables linked to AWS Secrets Manager secrets with automatic rotation enabled.
D
Using environment variables with plaintext connection strings and an Amazon EventBridge event for credential rotation.
No comments yet.