A company has developed a serverless web application on AWS, which includes components such as Amazon S3 for storage, API Gateway for managing APIs, Lambda functions for backend processing, and RDS for MySQL for database services. The application's source code, which consists of AWS SAM templates and Python scripts, is stored in AWS CodeCommit. A recent security audit identified that database authentication credentials are hardcoded within the CodeCommit repositories. To enhance security, a DevOps engineer is tasked with implementing a solution that automatically detects and prevents the inclusion of hardcoded secrets in the code. Which of the following solutions offers the highest level of security for addressing this issue?

Exam-Like

Enable Amazon CodeGuru Profiler. Decorate the handler function with @with_lambda_profiler(). Manually review the recommendation report. Write the secret to AWS Systems Manager Parameter Store as a secure string. Update the SAM templates and the Python code to pull the secret from Parameter Store.

16.7%

Associate the CodeCommit repository with Amazon CodeGuru Reviewer. Manually check the code review for any recommendations. Choose the option to protect the secret. Update the SAM templates and the Python code to pull the secret from AWS Secrets Manager.

50.0%

Enable Amazon CodeGuru Profiler. Decorate the handler function with @with_lambda_profiler(). Manually review the recommendation report. Choose the option to protect the secret. Update the SAM templates and the Python code to pull the secret from AWS Secrets Manager.

16.7%

Associate the CodeCommit repository with Amazon CodeGuru Reviewer. Manually check the code review for any recommendations. Write the secret to AWS Systems Manager Parameter Store as a string. Update the SAM templates and the Python code to pull the secret from Parameter Store.

16.7%

AWS Certified DevOps Engineer - Professional

Get started today

Comments