Answer-first summary for fast verification
Answer: Leverage an Amazon S3 bucket for Root CA Cert storage with a resource-based policy for access., Refactor Lambda code to acquire the Root CA Cert and modify the runtime trust store externally from the Lambda handler.
The correct answers are C and E. Storing the Root CA Cert in an Amazon S3 bucket (Option C) is more cost-effective compared to using AWS Secrets Manager. Also, refactoring the Lambda code to load the Root CA Cert from its location and modifying the runtime trust store outside the Lambda function handler (Option E) ensures that the trust store is updated only once when the Lambda container is initialized. This avoids the need to rebuild or update all Lambda functions, making the solution efficient and scalable across all AWS accounts used for development, testing, and production.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A company's custom 10 KB Root CA Cert is used for SSL in on-premises HTTPS and AWS Lambda functions. The Root CA Cert must be updated efficiently without rebuilding Lambda functions and must be applicable across separate AWS accounts for development, testing, and production. Identify the most cost-effective solution:
A
Utilize AWS Secrets Manager for storing the Root CA Cert with IAM policy access control.
B
Employ AWS Systems Manager Parameter Store for SecureString parameter storage and resource-based policy access management.
C
Leverage an Amazon S3 bucket for Root CA Cert storage with a resource-based policy for access.
D
Adjust Lambda code to fetch the Root CA Cert and update the runtime trust store internally within the Lambda handler.
E
Refactor Lambda code to acquire the Root CA Cert and modify the runtime trust store externally from the Lambda handler.
No comments yet.