AWS Certified Developer Associate DVA-C02 Practice Question
An organization is deploying a serverless application using AWS Lambda that requires connectivity to a proprietary database. It is crucial to ensure that the database credentials are neither embedded in the application's codebase nor exposed in any configuration files. As the developer for this project, which approach should you employ to most securely handle the credentials and facilitate their automatic rotation?
Use AWS Systems Manager Parameter Store to store the credentials as SecureString parameters.
Store the credentials in AWS Secrets Manager and grant the Lambda function's execution role permission to retrieve them at runtime.
Store the database credentials as environment variables within the Lambda function's configuration.
Embed the database credentials directly within the application's source code for simplicity.
The correct solution is to use AWS Secrets Manager. This service is specifically designed for securely storing, managing, and retrieving secrets like database credentials, and it offers native support for automatic credential rotation for supported databases like Amazon RDS. Storing sensitive data in Lambda environment variables is not recommended as they can be inadvertently exposed in logs or accessed by compromised dependencies. Embedding credentials in source code is a major security risk and should always be avoided. While AWS Systems Manager Parameter Store can store credentials as SecureString parameters, it does not offer the same built-in, automated rotation capabilities as Secrets Manager, making Secrets Manager the superior choice for this use case.