DVA-C02 · Question #217
A developer must provide an API key to an AWS Lambda function to authenticate with a third- party system. The Lambda function will run on a schedule. The developer needs to ensure that the API key rem
The correct answer is A. Store the API key as a Lambda environment variable by using an AWS Key Management Service. Storing the API key as a Lambda environment variable using an AWS Key Management Service (AWS KMS) customer-managed key is the most secure solution. AWS KMS is a managed encryption service that provides customer-managed keys. Customer-managed keys are encrypted with an AWS KMS ma
Question
A developer must provide an API key to an AWS Lambda function to authenticate with a third- party system. The Lambda function will run on a schedule. The developer needs to ensure that the API key remains encrypted at rest. Which solution will meet these requirements?
Options
- AStore the API key as a Lambda environment variable by using an AWS Key Management Service
- BConfigure the application to prompt the user to provide the password to the Lambda function on
- CStore the API key as a value in the application code.
- DUse Lambda@Edge and only communicate over the HTTPS protocol.
How the community answered
(46 responses)- A74% (34)
- B15% (7)
- C7% (3)
- D4% (2)
Explanation
Storing the API key as a Lambda environment variable using an AWS Key Management Service (AWS KMS) customer-managed key is the most secure solution. AWS KMS is a managed encryption service that provides customer-managed keys. Customer-managed keys are encrypted with an AWS KMS master key, which is stored in an AWS KMS vault.
Community Discussion
No community discussion yet for this question.