AWS Certified DevOps Engineer – Professional — Question 204

A DevOps engineer wants to deploy a serverless web application that is based on AWS Lambda. The deployment must meet the following requirements:
✑ Provide staging and production environments.
✑ Restrict developers from accessing the production environment.
✑ Avoid hardcoding passwords in the Lambda functions.
✑ Store source code in AWS CodeCommit.
✑ Use AWS CodePipeline to automate the deployment.
What is the MOST operationally efficient solution that meets these requirements?

Answer options

• A. Create separate staging and production accounts to segregate deployment targets. Use AWS Key Management Service (AWS KMS) to store environment- specific values. Use CodePipeline to automate deployments with AWS CodeDeploy.
• B. Create separate staging and production accounts to segregate deployment targets. Use Lambda environment variables to store environment-specific values. Use CodePipeline to automate deployments with AWS CodeDeploy.
• C. Define tagging conventions for staging and production environments to segregate deployment targets. Use AWS Key Management Service (AWS KMS) to store environment-specific values. Use CodePipeline to automate deployments with AWS CodeDeploy.
• D. Define tagging conventions for staging and production environments to segregate deployment targets. Use Lambda environment variables to store environment-specific values. Use CodePipeline to automate deployments with AWS CodeDeploy.

Correct answer: B

Explanation

Option B is the correct choice as it allows for the creation of separate accounts for staging and production, thus ensuring security and access restrictions, while using Lambda environment variables avoids hardcoding sensitive information. The other options either propose using AWS KMS, which adds unnecessary complexity, or do not utilize Lambda environment variables, failing to meet the requirement of avoiding hardcoded passwords effectively.