A company has an application that uses an AWS Lambda function to process data. A developer must implement encryption in transit for all sensitive configuration data, such as API keys, that is stored in the application. The developer creates an AWS Key Management Service (AWS KMS) customer managed key.
What should the developer do next to meet the encryption requirement?
To implement encryption in transit for sensitive configuration data in an AWS Lambda function, the most direct approach is to create encrypted Lambda environment variables. By specifying the customer managed KMS key to encrypt these variables and enabling encryption helpers, the developer ensures that the data remains encrypted during transit. Granting permission to the Lambda function's execution role to access the KMS key completes the necessary setup for secure data handling.
Considering: "API keys, that is stored in the application". D is the most direct approach. Lambda supports encrypting environment variables with a KMS key, eliminating the need for additional services or layers.
OPTION B ---CORRECT . To meet the requirement of encrypting sensitive configuration data in transit while using it within an AWS Lambda function, the developer should leverage AWS Secrets Manager. Secrets Manager is specifically designed for handling and securing sensitive information like API keys, database credentials, and similar data, making it suitable for this scenario.
D is the correct answer