AWS Certified Solutions Architect – Associate (SAA-C03) — Question 886

A company runs thousands of AWS Lambda functions. The company needs a solution to securely store sensitive information that all the Lambda functions use. The solution must also manage the automatic rotation of the sensitive information.

Which combination of steps will meet these requirements with the LEAST operational overhead? (Choose two.)

Answer options

• A. Create HTTP security headers by using Lambda@Edge to retrieve and create sensitive information
• B. Create a Lambda layer that retrieves sensitive information
• C. Store sensitive information in AWS Secrets Manager
• D. Store sensitive information in AWS Systems Manager Parameter Store
• E. Create a Lambda consumer with dedicated throughput to retrieve sensitive information and create environmental variables

Correct answer: B, C

Explanation

AWS Secrets Manager natively supports the automatic rotation of sensitive information, making it the ideal storage choice over Systems Manager Parameter Store, which would require custom rotation logic. To share the retrieval logic efficiently across thousands of Lambda functions with minimal operational overhead, packaging the code into a reusable Lambda layer is the best approach.