AWS Certified Developer Associate DVA-C02 Practice Question
An application you are working on needs to securely store credentials required to connect to a database and a third-party service's API. What service can you use to manage these credentials while enabling access to them from your serverless functions without embedding them directly in the function code?
The best practice for securing secrets required by applications is to use a dedicated secrets management service. Such a service is purpose-built for securely handling credentials, API keys, and other secret information, with support for automatic rotation and secure retrieval by authorized compute services, such as serverless functions. Environment variables can be accessed by unauthorized personnel who gain access to the deployment environment, and they typically hold configuration data rather than sensitive secrets. An IAM role is an AWS resource that lets you define permissions for service or user actions, but it does not offer a way to store sensitive credentials. The Instance Metadata Service is specific to EC2: it provides temporary, short-lived metadata to EC2 instances and is not appropriate for long-term secrets management.
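An added example, not part of the original question page: a Python Lambda handler that reads the database and API credentials from AWS Secrets Manager at run time instead of from its code or environment variables, with a short in-memory cache so a rotated secret is picked up. The secret name, its JSON field names and the five-minute cache lifetime are assumptions made for this illustration.

```python
import json
import time

# Hypothetical secret name and cache lifetime, chosen for this example.
SECRET_ID = "example/app/credentials"
CACHE_TTL_SECONDS = 300

CACHE = {}  # secret id -> (expiry timestamp, parsed secret)


def get_secret(secret_id, client=None, now=time.monotonic):
    """Return the secret as a dict, calling Secrets Manager at most once per TTL."""
    cached = CACHE.get(secret_id)
    if cached and cached[0] > now():
        return cached[1]  # warm invocation: reuse the cached value
    if client is None:
        import boto3  # AWS SDK, bundled with the Lambda Python runtime
        client = boto3.client("secretsmanager")
    # The call is authorized by the function's execution role
    # (secretsmanager:GetSecretValue on this secret), not by a stored key.
    response = client.get_secret_value(SecretId=secret_id)
    if "SecretString" not in response:
        raise ValueError("expected a JSON SecretString, got a binary secret")
    secret = json.loads(response["SecretString"])
    # A short TTL means a rotated secret is re-read within a few minutes.
    CACHE[secret_id] = (now() + CACHE_TTL_SECONDS, secret)
    return secret


def lambda_handler(event, context, client=None):
    creds = get_secret(SECRET_ID, client=client)
    # Open the database and API connections with creds["db_password"] and
    # creds["api_key"] here (assumed field names); never log or return them.
    return {
        "statusCode": 200,
        "body": json.dumps({"loaded_fields": sorted(creds)}),
    }
```

The function's execution role needs only `secretsmanager:GetSecretValue` on that one secret, which keeps the credentials out of the deployment package and the function configuration.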