Answer-first summary for fast verification
Answer: Leverage AWS Systems Manager Parameter Store to store the environment variables as secure string parameters, providing runtime access with IAM permissions limited to the necessary Lambda functions.
The most cost-effective solution to secure sensitive data in AWS Lambda environment variables is to use AWS Systems Manager Parameter Store to store the variables as secure string parameters (Option D). Parameter Store allows you to securely store and manage strings of up to 4 KB and their encryption is managed by AWS KMS at no additional cost for the basic usage. This ensures that sensitive information is securely stored and only accessible with appropriate IAM permissions at runtime. This method is more cost-effective than using AWS Secrets Manager, which has additional costs associated with storing and managing secrets.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A company with numerous AWS Lambda functions has identified a security concern where sensitive data is stored in plaintext within environment variables, accessible via the Lambda console. This sensitive data consists of only a few characters. What is the most cost-effective solution to secure this sensitive information?
A
Implement IAM policies within the Lambda console to restrict access to the environment variables.
B
Employ AWS Step Functions to manage the environment variables, granting runtime access with IAM permissions limited to the necessary Lambda functions.
C
Utilize AWS Secrets Manager to store the environment variables, ensuring runtime access with IAM permissions that are restricted to the required Lambda functions.
D
Leverage AWS Systems Manager Parameter Store to store the environment variables as secure string parameters, providing runtime access with IAM permissions limited to the necessary Lambda functions.
No comments yet.