Q83 — AWS DVA-C02 Ch.3


A company has an application that runs as a series of AWS Lambda functions. Each Lambda function receives data from Amazon Simple Notification Service (Amazon SNS) and writes the data to an Amazon Aurora DB instance. To comply with information security policies, the company must ensure all Lambda functions use a secure, encrypted database connection string to access Aurora. Which solution meets these requirements?

Correct Answer: C. Store credentials in AWS Systems Manager Parameter Store as a SecureString parameter.

Explanation

Option C recommends storing credentials in AWS Systems Manager Parameter Store as a SecureString parameter. Parameter Store provides a secure and manageable way to store sensitive information such as database connection strings. This allows Lambda functions to retrieve the SecureString parameter from Parameter Store, ensuring all Lambda functions use the same secure, encrypted database connection string.

Issues with the other options:

Option A: IAM database authentication does provide secure database connectivity, but it is typically associated with database user identities rather than directly used for storing connection strings.

Option B: Storing credentials in an encrypted Amazon RDS DB instance offers some security but is not a best practice, as credentials may be subject to instance-level access permissions.

Option D: Using Lambda environment variables encrypted with a shared AWS KMS key provides encryption but is not purpose-built for storing and managing sensitive information like Parameter Store is.