Security III
Explore secure methods for managing rotating credentials in AWS Lambda and EC2 environments. Understand how to use AWS Secrets Manager and Systems Manager Parameter Store for secure storage and automatic rotation. Learn best practices for encrypting data in transit and at rest, managing fine-grained IAM permissions for Kubernetes Pods with IRSA, and enforcing access controls on shared file systems with Amazon EFS. This lesson strengthens your skills in securing serverless and containerized applications to meet stringent compliance and security requirements.
Question 33
A developer is working on an AWS Lambda function that needs access to an external third-party API. This API requires authentication using a regularly rotated username and password, which cannot be stored directly within the Lambda function’s code for security reasons.
Which combination of AWS services can be used to securely store and retrieve these rotating credentials for the Lambda function? (Select any two options.)
A. AWS Certificate Manager (ACM)
B. AWS Systems Manager Parameter Store
C. AWS Key Management Service (KMS)
D. Amazon GuardDuty
E. Amazon Macie
Question 34
A developer is building a serverless application that consists of an AWS Lambda function needing to connect to an Amazon RDS database. The database credentials (username and password) must be stored securely and rotated automatically. The Lambda function should retrieve these credentials at runtime without hardcoding them.
Which AWS service should the developer use to meet these requirements?
A. AWS Systems Manager Parameter Store with SecureString
B. Store credentials in Amazon S3 with default encryption enabled
C. AWS Secrets Manager
D. ...