AWS Certified Developer – Associate (DVA-C02) — Question 177

A company has an application that runs as a series of AWS Lambda functions. Each Lambda function receives data from an Amazon Simple Notification Service (Amazon SNS) topic and writes the data to an Amazon Aurora DB instance.

To comply with an information security policy, the company must ensure that the Lambda functions all use a single securely encrypted database connection string to access Aurora.

Which solution will meet these requirements?

Answer options

• A. Use IAM database authentication for Aurora to enable secure database connections for all the Lambda functions.
• B. Store the credentials and read the credentials from an encrypted Amazon RDS DB instance.
• C. Store the credentials in AWS Systems Manager Parameter Store as a secure string parameter.
• D. Use Lambda environment variables with a shared AWS Key Management Service (AWS KMS) key for encryption.

Correct answer: C

Explanation

Option C is correct because storing the credentials in AWS Systems Manager Parameter Store as a secure string parameter ensures they are encrypted and can be accessed securely by all Lambda functions. Option A does not guarantee a single connection string for all functions, while option B involves an RDS instance rather than Parameter Store, which does not meet the requirement. Option D, while using encryption, does not provide a centralized and secure method for sharing a single connection string among all Lambda functions.