AWS Certified Developer – Associate (DVA-C02) — Question 198
A developer must provide an API key to an AWS Lambda function to authenticate with a third-party system. The Lambda function will run on a schedule. The developer needs to ensure that the API key remains encrypted at rest.
Which solution will meet these requirements?
Answer options
- A. Store the API key as a Lambda environment variable by using an AWS Key Management Service (AWS KMS) customer managed key.
- B. Configure the application to prompt the user to provide the password to the Lambda function on the first run.
- C. Store the API key as a value in the application code.
- D. Use Lambda@Edge and only communicate over the HTTPS protocol.
Correct answer: A
Explanation
The correct answer is A because storing the API key as a Lambda environment variable encrypted with an AWS KMS customer managed key ensures that the key is encrypted at rest. Option B is not suitable because it requires user input, which is not practical for a function that runs on a schedule. Option C is insecure because sensitive information should not be stored directly in application code. Option D does not address encryption of the API key at rest.