Answer-first summary for fast verification
Answer: Employ AWS SDK ssm:PutParameter in Lambda to store credentials as SecureString parameters post-retrieval.
The correct answer is B. This approach uses the AWS SDK ssm:PutParameter operation within the Lambda function to store the API credentials as a SecureString parameter in AWS Systems Manager Parameter Store. This ensures the credentials are encrypted using AWS Key Management Service (KMS), providing secure storage with minimal operational overhead. Option A is incorrect because AWS Secrets Manager GenerateSecretString generates a random string, not suitable for storing existing API credentials. Option C's NoEcho attribute does not apply to security at the level needed here. Option D incorrectly assigns the NoEcho attribute to AWS SDK ssm:PutParameter, which is specifically for AWS CloudFormation templates.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A developer seeks a secure, low-overhead method to store API credentials for a dashboard displaying multiple bank accounts, using an AWS Lambda function with AWS CloudFormation. Which approach best meets these criteria?
A
Integrate AWS Secrets Manager GenerateSecretString in the CloudFormation template for new credential storage.
B
Employ AWS SDK ssm:PutParameter in Lambda to store credentials as SecureString parameters post-retrieval.
C
Utilize CloudFormation to add a Systems Manager Parameter Store resource with NoEcho for new credential references.
D
Apply AWS SDK ssm:PutParameter in Lambda to store credentials as parameters with NoEcho, referencing new credentials.
No comments yet.