Answer-first summary for fast verification
Answer: Employ AWS Lambda environment variables encrypted by a customer-managed KMS key.
The most suitable option to satisfy the requirements is B. Storing the API key in AWS Lambda environment variables encrypted by a customer-managed AWS KMS key ensures full control over the encryption key, and the Lambda environment can securely manage and restrict access to the key. Options A, C, and D do not meet the requirement of using a customer-managed key for encryption and controlling the visibility to authorized entities.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
In a serverless application, an API key is required for third-party authentication. The company seeks a secure method to integrate this key into AWS Lambda, with encryption managed by a customer-controlled AWS KMS key and restricted visibility to authorized entities. Which approach aligns with these criteria?
A
Utilize AWS Systems Manager Parameter Store with the default KMS key for string parameter storage.
B
Employ AWS Lambda environment variables encrypted by a customer-managed KMS key.
C
Incorporate the API key into the code repository, encrypted by an AWS managed key.
D
Place the API key within an Amazon DynamoDB record, encrypted with an AWS managed key.