A company is implementing AWS Lambda functions to interact with an Amazon RDS for PostgreSQL database across both QA and production environments. The company requires a secure method to manage database credentials without embedding them in the application code, and it must support automatic password rotation. Which solution meets these security and operational requirements?

Exam-Like

Store the database credentials for both environments in AWS Systems Manager Parameter Store, encrypt them using an AWS Key Management Service (AWS KMS) key, and retrieve them in the Lambda functions' application code via the AWS SDK for Python (Boto3). Assign a role to the Lambda functions granting access to the Parameter Store parameter.

0.0%

Store the database credentials for both environments in AWS Secrets Manager, using separate entries for QA and production, enable automatic rotation, and reference the Secrets Manager key as an environment variable for the Lambda functions.

100.0%

Store the database credentials for both environments in AWS Key Management Service (AWS KMS), enable rotation, and reference the credentials stored in AWS KMS as an environment variable for the Lambda functions.

0.0%

Create distinct S3 buckets for the QA and production environments, enable server-side encryption with AWS KMS keys (SSE-KMS), and use an object naming convention that allows each Lambda function's application code to fetch the appropriate credentials for its environment. Grant each Lambda function's execution role access to Amazon S3.

0.0%

AWS Certified Solutions Architect - Professional

Get started today

Comments