What is the MOST secure solution that meets these requirements?

By:
On:
In: DOP-C01
Tagged:
With: 0 Comments
A company has developed a serverless web application that is hosted on AWS.The application consists of Amazon S3.Amazon API Gateway, several AWS Lambda functions, and an Amazon RDS for MySQL database.The company is using AWS CodeCommit to store the source code.The source code is a combination of AWS Serverless Application Model (AWS SAM) templates and Python code.A security audit and penetration test reveal that user names and passwords for authentication to the database are hardcoded within CodeCommit repositories.A DevOps engineer must implement a solution to automatically detect and prevent hardcoded secrets.

What is the MOST secure solution that meets these requirements?

Enable Amazon CodeGuru Profiler. Decorate the handler function with @with_lambda_profiler(). Manually review the recommendation report. Write the secret to AWS Systems Manager Parameter Store as a secure string. Update the SAM templates and the Python code to pull the secret from Parameter Store.

Associate the CodeCommit repository with Amazon CodeGuru Reviewer. Manually check the code review for any recommendations. Choose the option to protect the secret. Update the SAM templates and the Python code to pull the secret from AWS Secrets Manager.

Enable Amazon CodeGuru Profiler. Decorate the handler function with @with lambda profiler(). Manually review the recommendation report. Choose the option to protect the secret. Update the SAM templates and the Python code to pull the secret from AWS Secrets Manager.

Associate the CodeCommit repository with Amazon CodeGuru Reviewer. Manually check the code review for any recommendations. Write the secret to AWS Systems Manager Parameter Store as a string. Update the SAM templates and the Python code to pull the secret from Parameter Store.

Explanations:

CodeGuru Profiler is not designed for detecting hardcoded secrets. It is used for profiling Lambda performance. Using Systems Manager Parameter Store is not the best option for storing sensitive information like database credentials, as Secrets Manager is specifically designed for this purpose.

CodeGuru Reviewer can automatically detect hardcoded secrets and provide recommendations for their removal. Storing secrets in AWS Secrets Manager is the best practice as it is designed for securely managing sensitive information like database credentials.

While CodeGuru Profiler can assist with Lambda performance issues, it is not designed for detecting hardcoded secrets. Using Secrets Manager is correct, but CodeGuru Profiler is not the right tool in this context.

CodeGuru Reviewer is the correct tool for detecting hardcoded secrets, but using Systems Manager Parameter Store is not ideal for sensitive information. Secrets Manager should be used instead for better security practices.

Leave a Reply

Your email address will not be published. Required fields are marked *

three × one =