
Answer-first summary for fast verification
Answer: Associate the CodeCommit repository with Amazon CodeGuru Reviewer. Manually check the code review for any recommendations. Choose the option to protect the secret. Update the SAM templates and the Python code to pull the secret from AWS Secrets Manager.
The most secure solution for automatically detecting and preventing hardcoded secrets in the code is to use Amazon CodeGuru Reviewer. By associating the CodeCommit repository with Amazon CodeGuru Reviewer, you can have automatic code reviews that detect any hardcoded secrets. When a hardcoded secret is detected, CodeGuru Reviewer will recommend updating the code to retrieve the secret from a secure storage service like AWS Secrets Manager. Therefore, the correct option is B: Associate the CodeCommit repository with Amazon CodeGuru Reviewer, check the code review for any recommendations, and update the SAM templates and Python code to retrieve the secrets from AWS Secrets Manager.
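How the Python side of option B can look once the credentials live in AWS Secrets Manager. This is an added example, not code from the question or from AWS; the secret name, the JSON field layout and the stub client are assumptions, and the stub stands in for the boto3 client so the code runs offline.

```python
import json

# Before (the pattern the audit flagged): DB_PASSWORD = "..." committed in source.
# After: only the secret's name appears in code. The name below is hypothetical;
# a SAM template would normally pass it to the function as an environment variable.
SECRET_ID = "example/app/mysql"

_cache = {}  # secret id -> parsed credentials, reused across warm invocations


def _default_client():
    # Imported lazily so the module loads where boto3 is not installed.
    import boto3
    return boto3.client("secretsmanager")


def get_db_credentials(secret_id=SECRET_ID, client=None):
    """Fetch and parse a JSON SecretString, caching the result in memory."""
    if secret_id in _cache:
        return _cache[secret_id]
    client = client or _default_client()
    resp = client.get_secret_value(SecretId=secret_id)
    if "SecretString" not in resp:
        raise ValueError("secret %s has no SecretString" % secret_id)
    creds = json.loads(resp["SecretString"])
    missing = {"username", "password", "host"} - set(creds)
    if missing:
        raise KeyError("secret is missing fields: %s" % sorted(missing))
    _cache[secret_id] = creds
    return creds


def connection_args(secret_id=SECRET_ID, client=None):
    """Build keyword arguments for a MySQL driver's connect() call."""
    c = get_db_credentials(secret_id, client)
    return {"host": c["host"], "port": int(c.get("port", 3306)),
            "user": c["username"], "password": c["password"]}


class StubSecretsClient:
    """Constructed stand-in for the Secrets Manager client (offline runs only)."""
    def __init__(self):
        self.calls = 0

    def get_secret_value(self, SecretId):
        self.calls += 1
        return {"SecretString": json.dumps({
            "username": "app_user", "password": "constructed-not-real",
            "host": "db.example.internal", "port": 3306})}
```

In Lambda the function's execution role also needs `secretsmanager:GetSecretValue` on that secret, which belongs in the SAM template alongside the environment variable.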
Author: LeetQuiz Editorial Team
A company has developed a serverless web application on AWS, which includes components such as Amazon S3 for storage, API Gateway for managing APIs, Lambda functions for backend processing, and RDS for MySQL for database services. The application's source code, which consists of AWS SAM templates and Python scripts, is stored in AWS CodeCommit. A recent security audit identified that database authentication credentials are hardcoded within the CodeCommit repositories. To enhance security, a DevOps engineer is tasked with implementing a solution that automatically detects and prevents the inclusion of hardcoded secrets in the code. Which of the following solutions offers the highest level of security for addressing this issue?
A
Enable Amazon CodeGuru Profiler. Decorate the handler function with @with_lambda_profiler(). Manually review the recommendation report. Write the secret to AWS Systems Manager Parameter Store as a secure string. Update the SAM templates and the Python code to pull the secret from Parameter Store.
B
Associate the CodeCommit repository with Amazon CodeGuru Reviewer. Manually check the code review for any recommendations. Choose the option to protect the secret. Update the SAM templates and the Python code to pull the secret from AWS Secrets Manager.
C
Enable Amazon CodeGuru Profiler. Decorate the handler function with @with_lambda_profiler(). Manually review the recommendation report. Choose the option to protect the secret. Update the SAM templates and the Python code to pull the secret from AWS Secrets Manager.
D
Associate the CodeCommit repository with Amazon CodeGuru Reviewer. Manually check the code review for any recommendations. Write the secret to AWS Systems Manager Parameter Store as a string. Update the SAM templates and the Python code to pull the secret from Parameter Store.