Bird
0
0

You want to securely store a database password in a Lambda environment variable but avoid exposing it in plain text. Which approach is best practice?

hard📝 Best Practice Q15 of 15
AWS - Lambda
You want to securely store a database password in a Lambda environment variable but avoid exposing it in plain text. Which approach is best practice?
AUse AWS Lambda environment variables with encryption enabled and grant decryption permissions
BHardcode the password directly in the Lambda function code
CStore the password in a public S3 bucket and read it at runtime
DSend the password as a query parameter in API requests
Step-by-Step Solution
Solution:

  1. Step 1: Understand secure storage options

    Lambda environment variables support encryption with AWS KMS and access control.

  2. Step 2: Evaluate other options

    Hardcoding, public S3, or sending passwords in query parameters expose secrets and are insecure.

  3. Final Answer:

    Use AWS Lambda environment variables with encryption enabled and grant decryption permissions -> Option A

  4. Quick Check:

    Encrypted env vars + permissions = secure secret storage [OK]
Quick Trick: Encrypt env vars and control access for secrets [OK]
Common Mistakes:
  • Hardcoding secrets in code
  • Using public storage for passwords
  • Exposing secrets in API requests

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More AWS Quizzes
API Gateway - Why API Gateway matters - Quiz 11easy API Gateway - API deployment and stages - Quiz 1easy DynamoDB - Tables, items, and attributes - Quiz 2easy Elastic Load Balancing - Network Load Balancer (NLB) - Quiz 4medium Elastic Load Balancing - Cross-zone load balancing - Quiz 12easy Elastic Load Balancing - Listener rules and routing - Quiz 5medium Elastic Load Balancing - Listener rules and routing - Quiz 2easy Elastic Load Balancing - Network Load Balancer (NLB) - Quiz 10hard RDS and Relational Databases - RDS supported engines - Quiz 10hard RDS and Relational Databases - RDS backup and snapshots - Quiz 10hard