A company has AWS Lambda functions that use environment variables. The company does not want its developers to see environment variables in plaintext.
Which solution will meet these requirements?
A company has AWS Lambda functions that use environment variables. The company does not want its developers to see environment variables in plaintext.
Which solution will meet these requirements?
The appropriate solution is to use AWS Key Management Service (AWS KMS) keys and enable encryption helpers on the Lambda functions to store and encrypt the environment variables. AWS KMS is a managed service that allows the creation and control of encryption keys used to encrypt data. By enabling encryption helpers on the Lambda functions with a KMS key, the environment variables can be securely encrypted and will not be exposed in plaintext to developers.
Option D
https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption
I don't understand why we should use a complex way of encrypting variables instead of using Parameter Store... but in this case the best option is D