PdfPrep.com

What is the MOST secure way to authenticate the function to the database?

A developer is migrating code to an AWS Lambda function that will an Amazon Aurora MySQL database.

What is the MOST secure way to authenticate the function to the database?
A . Store the database credentials as encrypted parameters in AWS Systems Manager Parameters Store. Obtain the credentials from Systems Manager when the Lambda function needs to connect to the database.
B . Store the database credentials in AWS Secrets Manager. Let Secrets Manager handle the rotation of the credentials, as required.
C . Store the database credentials in an Amazon S3 bucket that has a restrictive bucket policy for the Lambda role when accessing the credentials. Use AWS KMS to encrypt the data.
D . Create a policy with rds-db:connect access to the database and attach it to the role assigned to the Lambda function.

Answer: B

Explanation:

Reference: https://aws.amazon.com/blogs/security/rotate-amazon-rds-database-credentials-automatically­with-aws-secrets-manager/

Exit mobile version