A company uses AWS Lambda functions that rely on environment variables. The company does not want developers to see environment variables in plaintext. Which solution meets this requirement?
Choose an answer
Tap an option to check your answer.
Correct answer: Create an AWS Key Management Service (AWS KMS) key. Enable encryption helpers on the Lambda functions to use the KMS key to store and encrypt the environment variables..
Why this is the answer
AWS KMS is the appropriate service for encrypting sensitive data like environment variables. When you enable encryption helpers for Lambda environment variables, Lambda uses a KMS key to encrypt these variables at rest. The variables are then decrypted automatically at invocation time, and developers cannot view them in plaintext through the Lambda console or API. Deploying to EC2 instances does not inherently solve the plaintext environment variable issue. SSL encryption with CloudHSM is for securing network communication and hardware-based key storage, not directly for encrypting Lambda environment variables. AWS Certificate Manager (ACM) is used for managing SSL/TLS certificates, not for encrypting application-specific environment variables.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed