Learn the most efficient and secure way to store and automatically rotate sensitive information used by AWS Lambda functions. Discover how AWS Secrets Manager and Systems Manager Parameter Store can help meet your security requirements with minimal operational overhead. Prepare for the Amazon AWS Certified Solutions Architect – Associate SAA-C03 certification exam.
Question
A company runs thousands of AWS Lambda functions. The company needs a solution to securely store sensitive information that all the Lambda functions use. The solution must also manage the automatic rotation of the sensitive information.
Which combination of steps will meet these requirements with the LEAST operational overhead? (Choose two.)
A. Create HTTP security headers by using Lambda@Edge to retrieve and create sensitive information
B. Create a Lambda layer that retrieves sensitive information
C. Store sensitive information in AWS Secrets Manager
D. Store sensitive information in AWS Systems Manager Parameter Store
E. Create a Lambda consumer with dedicated throughput to retrieve sensitive information and create environmental variables
Answer
The best combination of steps to securely store sensitive information used by thousands of AWS Lambda functions, while managing automatic rotation with the least operational overhead, is:
C. Store sensitive information in AWS Secrets Manager
D. Store sensitive information in AWS Systems Manager Parameter Store
Explanation
AWS Secrets Manager and AWS Systems Manager Parameter Store are both designed to securely store sensitive information, such as passwords, API keys, and other secrets. They provide a central location to manage and retrieve secrets, making it easier for Lambda functions to access the required sensitive information.
AWS Secrets Manager goes a step further by offering built-in automatic rotation of secrets. It natively integrates with Amazon RDS, Amazon Redshift, and Amazon DocumentDB, allowing you to rotate credentials with minimal effort. For other types of secrets, you can create custom Lambda functions to define the rotation logic. This automation reduces operational overhead and ensures that secrets are regularly rotated, enhancing security.
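The custom rotation function mentioned above, as an added example (not part of the original explanation, and not AWS's own template): Secrets Manager invokes the function once for each of the four steps `createSecret`, `setSecret`, `testSecret` and `finishSecret`. The JSON secret shape with an `api_key` field, the `rotate` helper and the `apply_downstream` hook are assumptions made for illustration.

```python
import json
import secrets  # stdlib CSPRNG, used here to mint the new API key


def rotate(event, client=None, apply_downstream=lambda key: None):
    """Run one rotation step; Secrets Manager invokes the function once per step."""
    if client is None:  # inside Lambda: use the real service client
        import boto3
        client = boto3.client("secretsmanager")
    arn, token, step = event["SecretId"], event["ClientRequestToken"], event["Step"]

    # Only act on a token that Secrets Manager has staged as AWSPENDING.
    versions = client.describe_secret(SecretId=arn)["VersionIdsToStages"]
    if token not in versions:
        raise ValueError("token is not a version of this secret")
    if "AWSCURRENT" in versions[token]:
        return "already current"  # retried invocation after a finished rotation
    if "AWSPENDING" not in versions[token]:
        raise ValueError("token is not staged as AWSPENDING")

    def pending():
        return client.get_secret_value(
            SecretId=arn, VersionId=token, VersionStage="AWSPENDING")["SecretString"]

    if step == "createSecret":
        try:
            pending()  # idempotent: a retry must not overwrite the staged value
        except client.exceptions.ResourceNotFoundException:
            client.put_secret_value(
                SecretId=arn, ClientRequestToken=token, VersionStages=["AWSPENDING"],
                SecretString=json.dumps({"api_key": secrets.token_urlsafe(32)}))
    elif step == "setSecret":
        # Hypothetical hook: register the new key with the service that checks it.
        apply_downstream(json.loads(pending())["api_key"])
    elif step == "testSecret":
        if len(json.loads(pending()).get("api_key", "")) < 32:
            raise ValueError("pending secret is missing or too short")
    elif step == "finishSecret":
        current = next(v for v, s in versions.items() if "AWSCURRENT" in s)
        client.update_secret_version_stage(
            SecretId=arn, VersionStage="AWSCURRENT",
            MoveToVersionId=token, RemoveFromVersionId=current)
    else:
        raise ValueError(f"unknown rotation step: {step!r}")
    return step


def lambda_handler(event, context):
    return rotate(event)
```

The consuming Lambda functions keep reading the `AWSCURRENT` stage throughout, so they pick up the new value only after `finishSecret` moves the label.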
AWS Systems Manager Parameter Store also securely stores sensitive information, but it does not provide native automatic rotation capabilities. However, you can use AWS Lambda functions to automate the rotation of secrets stored in Parameter Store.
The other options mentioned, such as using Lambda@Edge, creating a Lambda layer, or creating a Lambda consumer with dedicated throughput, would introduce additional complexity and operational overhead compared to using Secrets Manager or Parameter Store.
In summary, storing sensitive information in AWS Secrets Manager and AWS Systems Manager Parameter Store, leveraging the automatic rotation capabilities of Secrets Manager when possible, provides a secure and efficient solution for managing secrets used by a large number of AWS Lambda functions.