Answer-first summary for fast verification
Answer: Implement a Lambda@Edge function invoked on viewer request, with execution role permissions for AWS STS, and move SDK calls to this function.
Option A is the correct answer. Lambda@Edge functions allow running Lambda functions in response to CloudFront events. By using Lambda@Edge invoked on viewer request, the developer can securely manage AWS STS credentials without exposing them in the client-side code. The function’s execution role can be granted permissions to access AWS STS, enabling secure temporary credential generation. This approach ensures that all AWS SDK calls are made in a secure server-side environment, preventing any potential security risks from hardcoded credentials in the frontend code.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A social media app uses AWS SDK for JavaScript in the frontend to authenticate with AWS STS, stores assets in an S3 bucket, and serves content via a CloudFront distribution. The app's role credentials are hardcoded in a JSON file. How can the developer securely obtain user credentials without hardcoding credentials in the app code?
A
Implement a Lambda@Edge function invoked on viewer request, with execution role permissions for AWS STS, and move SDK calls to this function.
B
Use a CloudFront function invoked on viewer request, with execution role permissions for AWS STS, and move SDK calls to this function.
C
Deploy a Lambda@Edge function invoked on viewer request, incorporating credentials from the JSON file, and move SDK calls to this function.
D
Integrate a CloudFront function invoked on viewer request, incorporating credentials from the JSON file, and move SDK calls to this function.
No comments yet.