AWS Certified Developer – Associate — Question 172

A developer is writing an application in AWS Lambda. To simplify testing and deployments, the developer needs the database connection string to be easily changed without modifying the Lambda code.

How can this requirement be met?

Answer options

• A. Store the connection string as a secret in AWS Secrets Manager.
• B. Store the connection string in an IAM user account.
• C. Store the connection string in AWS KMS.
• D. Store the connection string as a Lambda layer.

Correct answer: A

Explanation

The correct answer is A because AWS Secrets Manager is specifically designed for securely storing and managing sensitive information like database connection strings, allowing easy updates without code changes. Options B and C are not suitable as IAM user accounts and AWS KMS are not intended for storing application configuration data. Option D, while useful for sharing code, does not provide the flexibility needed for changing configuration values like a connection string.