Which solution will meet these requirements?
Store the API key as a Lambda environment variable by using an AWS Key Management Service (AWS KMS) customer managed key.
Configure the application to prompt the user to provide the password to the Lambda function on the first run.
Store the API key as a value in the application code.
Use Lambda@Edge and only communicate over the HTTPS protocol.
Explanations:
Storing the API key as a Lambda environment variable with an AWS KMS customer managed key ensures that the key is encrypted at rest, meeting the requirement for security. AWS KMS allows the encryption and decryption of environment variables.
Prompting the user for a password on the first run is not feasible for a scheduled Lambda function, as it operates without user interaction, and this approach does not secure the API key at rest.
Storing the API key directly in the application code is not a secure approach, as it exposes the key to anyone who has access to the code and does not ensure encryption at rest.
Using Lambda@Edge and HTTPS ensures secure communication but does not address the requirement of keeping the API key encrypted at rest. Encryption at rest must be handled differently.