Ultimate access to all questions.
Upgrade Now 🚀
Sign in to unlock AI tutor
In an audit monitoring system using Amazon OpenSearch Service, how should a developer securely pass OpenSearch Service domain master user credentials to an associated AWS Lambda function through a CloudFormation custom resource?
A
Deploy credentials via CloudFormation parameters to both the OpenSearch domain's MasterUserOptions and Lambda's environment variable, applying the NoEcho attribute.
B
Deploy credentials to the OpenSearch domain's MasterUserOptions using CloudFormation parameters and store them in AWS Systems Manager Parameter Store, assigning an IAM role with ssm:GetParameter permission to Lambda for runtime resolution.
C
Deploy credentials to the OpenSearch domain's MasterUserOptions and Lambda's environment variable using encrypted CloudFormation parameters with AWS KMS.
D
Create and retrieve an AWS Secrets Manager secret for the OpenSearch domain's MasterUserOptions, granting Lambda an IAM role with secretsmanager:GetSecretValue permission for runtime secret resolution.
