Minimizing Code for Lambda Functions with Encrypted Secrets in AWS

Minimize Code for Lambda Functions - AWS Certified Developer - Associate Exam


Question

A Developer is writing several Lambda functions that each access data in a common RDS DB instance.

They must share a connection string that contains the secret database credentials.

A company policy requires that all secrets be stored encrypted. Which solution will minimize the amount of code the Developer must write?

Answers

Explanations

A. Use a common DynamoDB table to store settings.
B. Use AWS Lambda environment variables.
C. Use Systems Manager Parameter Store secure strings.
D. Use a table in a separate RDS database.

Answer - C.

The AWS Documentation mentions the following to support this.

AWS Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management.

You can store data such as passwords, database strings, and license codes as parameter values.

You can store values as plain text or encrypted data.

You can then reference values by using the unique name that you specified when you created the parameter.

Options A and D are incorrect and inefficient: a separate table (in DynamoDB or in another RDS database) is not needed, and each function would have to carry its own code to read and parse the row.

Also, neither option says anything about encrypting the stored credentials, so on their own they do not satisfy the company policy.

Option B is not correct because environment variables are attached to a single function. Each function would hold its own copy of the connection string, so the secret is duplicated rather than shared and every copy must be updated when the credentials rotate.

For more information on the Systems Manager Parameter Store, please refer to the below links:

https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-paramstore.html
https://aws.amazon.com/blogs/compute/sharing-secrets-with-aws-lambda-using-aws-systems-manager-parameter-store/

The correct answer to this question is C. Use Systems Manager Parameter Store secure strings.

Explanation: The Developer is writing several Lambda functions that access data in a common RDS DB instance. The connection string that contains the secret database credentials needs to be shared among these functions. According to the company policy, all secrets need to be stored encrypted.

To minimize the amount of code the Developer must write, they can use AWS Systems Manager Parameter Store to securely store the connection string. Parameter Store provides a centralized location to manage configuration data and secrets, which can be easily retrieved by Lambda functions or any other AWS resource.

Specifically, the Developer can store the connection string as a SecureString parameter in Parameter Store, which encrypts the parameter value with an AWS Key Management Service (KMS) key. Each Lambda function then retrieves the value at runtime through the AWS SDK (a GetParameter call with decryption enabled), so the credentials are never hardcoded in the function code. The function's execution role only needs permission to read the parameter and to decrypt with the key.
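The runtime retrieval described above, as an added example rather than code from the original page or from AWS: a Lambda handler that reads one SecureString parameter through the SDK, caches it across warm invocations, and fails closed if the parameter turns out not to be a SecureString (a plaintext parameter with the right name would otherwise work silently and violate the policy). The parameter name, the TTL, and the FakeSSM stand-in are assumptions for illustration; against real AWS you would pass a boto3 SSM client and the execution role would need ssm:GetParameter on the parameter and kms:Decrypt on its key.

```python
"""Fetch a shared DB connection string from SSM Parameter Store.

Added example, not from the original page. Reads one SecureString
parameter once per Lambda execution environment and rejects any
parameter that is not stored encrypted. PARAM_NAME, CACHE_TTL_SECONDS
and FakeSSM are assumptions made for this illustration.
"""
import os
import time
from typing import Any, Dict, Optional

# Assumed parameter name; every function sharing the DB uses this same name.
PARAM_NAME = os.environ.get("DB_CONN_PARAM", "/prod/shared/db-connection-string")
CACHE_TTL_SECONDS = 300  # assumed: how long a warm container may reuse the value

_cache: Dict[str, Any] = {}


def fetch_secure_string(ssm_client, name: str, now: Optional[float] = None) -> str:
    """Return the decrypted value of a SecureString parameter.

    ssm_client must expose get_parameter(Name=..., WithDecryption=...)
    with the same shape as boto3's SSM client. Values are cached in
    module scope so warm invocations do not call SSM or KMS again.
    """
    now = time.time() if now is None else now
    hit = _cache.get(name)
    if hit and now - hit["fetched_at"] < CACHE_TTL_SECONDS:
        return hit["value"]

    resp = ssm_client.get_parameter(Name=name, WithDecryption=True)
    param = resp["Parameter"]
    # Company policy: secrets must be stored encrypted. A String parameter
    # with the right name would still "work", so fail closed instead.
    if param.get("Type") != "SecureString":
        raise ValueError(f"{name} is {param.get('Type')}, expected SecureString")

    _cache[name] = {"value": param["Value"], "fetched_at": now}
    return param["Value"]


class FakeSSM:
    """Constructed stand-in for boto3's SSM client so the example runs
    offline. Counts calls so the caching behaviour can be observed."""

    def __init__(self, parameters: Dict[str, Dict[str, str]]):
        self._params = parameters
        self.calls = 0

    def get_parameter(self, Name: str, WithDecryption: bool = False):
        self.calls += 1
        p = self._params[Name]
        # The real service returns ciphertext for a SecureString unless
        # WithDecryption=True; mimic that so a forgotten flag is visible.
        if p["Type"] == "SecureString" and not WithDecryption:
            value = "AQICAHg...ciphertext"
        else:
            value = p["Value"]
        return {"Parameter": {"Name": Name, "Type": p["Type"], "Value": value, "Version": 1}}


def handler(event, context, ssm_client=None):
    """Lambda entry point. Rotating the credential means updating the one
    parameter, not redeploying N functions."""
    if ssm_client is None:
        import boto3  # real client only when running inside AWS
        ssm_client = boto3.client("ssm")
    conn = fetch_secure_string(ssm_client, PARAM_NAME)
    # Hand conn to the DB driver here; never log it.
    return {"parameter": PARAM_NAME, "has_secret": bool(conn)}


if __name__ == "__main__":
    # Constructed sample parameter for an offline run.
    fake = FakeSSM({PARAM_NAME: {"Type": "SecureString",
                                 "Value": "postgresql://app:s3cr3t@db.example.internal:5432/app"}})
    print(handler({}, None, ssm_client=fake))
    print(handler({}, None, ssm_client=fake), "calls to SSM:", fake.calls)
```

The parameter itself is created once, outside the functions, with `aws ssm put-parameter --name "/prod/shared/db-connection-string" --type SecureString --value "<connection string>"` (optionally `--key-id` to pick a customer managed KMS key); the functions only ever read it.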

Option A, using a common DynamoDB table to store settings, would require the Developer to write additional code in every function to read and parse the settings from the table, and the table would still need its own encryption arrangement for the credentials.

Option B, using AWS Lambda environment variables, would require the Developer to set the variable separately on each function. The secret is then duplicated across functions instead of shared, every copy must be changed when the credentials rotate, and if the values are encrypted with a customer managed key each function needs its own decryption code.

Option D, using a table in a separate RDS database, would require the Developer to create and manage a second RDS instance and its own credentials, which is costly and complex and does not remove the original problem of where to keep a secret.

Therefore, option C is the best solution to minimize the amount of code the Developer must write and to comply with the company policy for storing encrypted secrets.