Q1 — AWS DVA-C02 Ch.3
Question 1 of 100 | ← Chapter 3
A company is building a serverless application. The application authenticates with a backend application using an API key. The company wants to store the external API key as part of the AWS Lambda configuration. The company requires full control over the AWS Key Management Service (AWS KMS) key used to encrypt the API key and restrict visibility to authorized entities only. Which solution meets these requirements?
- A. Store the API key in AWS Systems Manager Parameter Store as a String parameter. Use the AWS-provided default AWS KMS key to encrypt the API key.
- B. Store the API key in AWS Lambda environment variables. Create a customer-managed AWS KMS key to encrypt the API key. ✓
- C. Store the API key in the code repository. Use an AWS-managed key to encrypt the code repository.
- D. Store the API key as a record in an Amazon DynamoDB table. Use an AWS-managed key to encrypt the API key.
Correct Answer: B. Store the API key in AWS Lambda environment variables. Create a customer-managed AWS KMS key to encrypt the API key.
Explanation
The company should store the API key in AWS Lambda environment variables and create a customer-managed AWS KMS key to encrypt it. This ensures the API key is encrypted at rest and accessible only to authorized entities with appropriate KMS permissions.