Q29 — AWS SAP-C02 Ch.2


Q179. A company is deploying AWS Lambda functions that access an Amazon RDS for PostgreSQL database. The company needs to launch the Lambda functions in a QA environment and in a production environment. The company must not expose credentials within application code and must rotate passwords automatically. Which solution will meet these requirements?

Correct Answer: B. Store the database credentials for both environments in AWS Secrets Manager with a distinct key entry for the QA environment and the production environment. Turn on rotation. Provide a reference to the Secrets Manager key as an environment variable for the Lambda functions.

Explanation

This solution stores the database credentials for both environments (QA and production) in AWS Secrets Manager, which provides a secure and scalable way to store secrets such as passwords. Secrets Manager can be configured to rotate passwords automatically, which meets the rotation requirement. Distinct keys separate the credentials for each environment. The Lambda functions reference the Secrets Manager keys through environment variables, so each environment variable holds only a reference to the secret and the credentials themselves are not exposed within the application code. This solution is also easier to manage and scale as additional Lambda functions and environments are added, because it simplifies the management of secrets across multiple services.