Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 936 discussion

C. Store sensitive information in AWS Secrets Manager. AWS Secrets Manager securely stores sensitive information and provides automatic rotation of secrets, reducing the need for manual management. B. Create a Lambda layer that retrieves sensitive information. Using a Lambda layer allows multiple Lambda functions to access the sensitive information stored in Secrets Manager without needing to duplicate retrieval logic in each function. This approach centralizes the retrieval process and reduces operational complexity.

D doesn't provide automatic rotation Answer will be B and C

A. Lambda@Edge: Not relevant for secrets; Used for CDN/CloudFront. D. Parameter Store: Doesn’t support auto-rotation as easily as Secrets Manager. E. Env Variables: Not secure and needs manual management.

A - Lambda@Edge is primarily used for managing HTTP request/response behavior in a CDN environment with Amazon CloudFront. It is not designed for securely storing or rotating sensitive information. B - By creating a layer that securely retrieves sensitive information (for example, from AWS Secrets Manager), we will reduce duplication and operational overhead. The layer can also handle the logic for retrieving updated information if needed. C - Automatic rotation is managed. D - Automatic rotation is NOT managed. E - Setting environment variables dynamically at runtime is not an efficient or scalable practice for "thousands of Lambda functions". Too much operational overhead.

BC is correct

B,C ChatGPT agrees with me

Answer is CD

https://docs.aws.amazon.com/systems-manager/latest/userguide/ps-integration-lambda-extensions.html https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/using-aws-secrets-manager-and-lambda-function-to-store-rotate-and-secure-keys/