WHY A IS False? |
CONCEPT: Securing sensitive information in Lambda functions |
There is a solution to this requirement of securing sensitive information in Lambda functions.
Environment variables for Lambda functions enable you to dynamically pass settings to your function code and libraries without making changes to your code.
Read More about them at https://kaustubhsharma.com/blog/Lambda-functions
|
WHY B IS False? |
CONCEPT: Storing variables in encrypted DynamoDB table |
Storing the variables in an encrypted DynamoDB table is not necessary when you can use encryption helpers. It only makes the process more complicated. |
WHY C IS True? |
CONCEPT: ENCRYPTION OF ENVIRONMENT VARIABLES IN LAMBDA |
ENCRYPTION IN TRANSIT:
- When you use environment variables, you can enable console encryption helpers to use client-side encryption to protect the environment variables in transit.
ENCRYPTION AT REST:
- You can use environment variables to store secrets securely for use with Lambda functions. Lambda always encrypts environment variables at rest. By default, Lambda uses an AWS KMS key that Lambda creates in your account to encrypt your environment variables. This AWS managed key is named aws/lambda. However, you can use a customer managed key if required.
Read more about it at https://kaustubhsharma.com/blog/Lambda-functions
CIPHERTEXT:
- It is encrypted text transformed from plaintext using an encryption algorithm.
- It can't be read until it has been converted into plaintext (decrypted) with a key.
|
WHY D IS False? |
CONCEPT: ENCRYPTION OF ENVIRONMENT VARIABLES IN LAMBDA |
When you deploy your Lambda function, all the environment variables you’ve specified are encrypted by default after, but not during, the deployment process. They are then decrypted automatically by AWS Lambda when the function is invoked. If you need to store sensitive information in an environment variable, you should encrypt that information before deploying your Lambda function. The Lambda console makes that easier for you by providing encryption helpers that leverage AWS Key Management Service to store that sensitive information as Ciphertext.
|
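A value encrypted with the console encryption helpers stays as base64 KMS ciphertext in the function's environment, so the function code has to call KMS to decrypt it. The sketch below is an added example, not code from the original page; the variable name `DB_PASSWORD` and the `decrypt_env` helper are hypothetical, and it assumes the helper bound the ciphertext to the function name through the `LambdaFunctionName` encryption context.

```python
import base64
import os

_cache = {}  # plaintexts kept in memory so warm invocations skip the KMS call


def decrypt_env(name, kms=None, environ=os.environ):
    """Return the plaintext of an env var that holds base64 KMS ciphertext."""
    if name in _cache:
        return _cache[name]
    if kms is None:
        import boto3  # shipped with the Lambda Python runtime
        kms = boto3.client("kms")
    # validate=True makes a value that was never encrypted (plain text with
    # characters outside the base64 alphabet) fail here instead of being used.
    blob = base64.b64decode(environ[name], validate=True)
    resp = kms.decrypt(
        CiphertextBlob=blob,
        # Assumption: same context the console helper used when encrypting.
        EncryptionContext={
            "LambdaFunctionName": environ["AWS_LAMBDA_FUNCTION_NAME"]
        },
    )
    _cache[name] = resp["Plaintext"].decode("utf-8")
    return _cache[name]


def handler(event, context):
    # DB_PASSWORD is a hypothetical variable encrypted before deployment.
    password = decrypt_env("DB_PASSWORD")
    # Use the secret here; never log it or place it in the response.
    return {"secret_loaded": bool(password)}
```

The function's execution role needs `kms:Decrypt` on the key used by the helper, and a mismatched encryption context makes the KMS call fail rather than return a plaintext.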
Short Trick |
1. "sensitive information is properly secured" - This sensitive information is stored as environment variables within Lambda, so we need encryption of environment variables.
So, environment variables are encrypted in transit by enabling console encryption helpers to use client-side encryption.
To encrypt environment variables at rest, Lambda by default uses an AWS KMS key that Lambda creates in your account. This AWS managed key is named aws/lambda.
|