In an audit monitoring system using Amazon OpenSearch Service, how should a developer securely pass OpenSearch Service domain master user credentials to an associated AWS Lambda function through a CloudFormation custom resource?

Exam-Like

Deploy credentials via CloudFormation parameters to both the OpenSearch domain's MasterUserOptions and Lambda's environment variable, applying the NoEcho attribute.

12.5%

Deploy credentials to the OpenSearch domain's MasterUserOptions using CloudFormation parameters and store them in AWS Systems Manager Parameter Store, assigning an IAM role with ssm:GetParameter permission to Lambda for runtime resolution.

25.0%

Deploy credentials to the OpenSearch domain's MasterUserOptions and Lambda's environment variable using encrypted CloudFormation parameters with AWS KMS.

12.5%

Create and retrieve an AWS Secrets Manager secret for the OpenSearch domain's MasterUserOptions, granting Lambda an IAM role with secretsmanager:GetSecretValue permission for runtime secret resolution.

50.0%

AWS Certified Developer - Associate

Get started today

Comments

In an audit monitoring system using Amazon OpenSearch Service, how should a developer securely pass OpenSearch Service domain master user credentials to an associated AWS Lambda function through a CloudFormation custom resource?