A. Create an AWS Secrets Manager secret for the database credentials encrypted with a KMS key. Modify the Lambda function to retrieve the secret from Secrets Manager. Attach a custom IAM policy to the Lambda function execution role to allow access to secretsmanager:GetSecretValue from the secret’s Amazon Resource Name (ARN) and to allow access to kms:Decrypt from the KMS key’s ARN. Most Voted
B. Create an Amazon S3 bucket for the database credentials. Encrypt the database credentials with server-side encryption with KMS keys (SSE-KMS). Modify the Lambda function to retrieve the database credentials from the S3 bucket. Attach a custom IAM policy to the Lambda function execution role to allow access to S3:GetObject from the S3 bucket’s Amazon Resource Name (ARN) and to allow access to kms:Decrypt from the KMS key’s ARN.
C. Create SecureString parameters in AWS Systems Manager Parameter Store for the database credentials encrypted with a KMS key. Pass the parameter values by using Lambda environment variables. Attach a custom IAM policy to the Lambda function execution role to allow access to ssm:GetParameter from the parameter’s Amazon Resource Name (ARN) and to allow access to kms:Decrypt from the KMS key’s ARN.
D. Create String parameters in AWS Systems Manager Parameter Store for the database credentials encrypted with a KMS key. Pass the parameter values by using Lambda environment variables. Attach a custom IAM policy to the Lambda function execution role to allow access to ssm:GetParameter from the parameter’s Amazon Resource Name (ARN) and to allow access to kms:Decrypt from the KMS key’s ARN.