Most Secure and Cost-Effective Credit Card Storage for Lambda Functions

Answer: A.

Lambda always provides server-side encryption at rest with an AWS KMS key.

By default, Lambda uses an AWS-managed key.

If this default behavior suits your workflow, you don't need to set anything else up.

Lambda creates the AWS managed key in your account and manages permissions to it for you.

AWS doesn't charge you to use this key.

If you prefer, you can provide an AWS KMS customer-managed key instead.

You might do this to have control over the rotation of the KMS key or to meet the requirements of your organization for managing KMS keys.

When you use a customer-managed key, only users in your account with access to the KMS key can view or manage environment variables on the function.

Options B is incorrect because it is the distractor, there is nothing like a custom KMS key.

The real component is Customer managed keys.

Option C is incorrect because Transport Layer Security (TLS) is used for encryption in transit and When you manage Lambda resources all communication is encrypted in transit with Transport Layer Security (TLS).

Option D is incorrect because this will not secure the credit card information.

Reference:

https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption https://aws.amazon.com/kms/pricing/

When storing sensitive data such as credit card numbers in a serverless architecture, it is important to ensure that the data is stored securely and is only accessible to authorized users.

Option A - Use Environment variable with AWS managed key: AWS Key Management Service (KMS) is a service that allows you to create and manage encryption keys used to encrypt your data. With this option, you would store the credit card number as an environment variable in your Lambda function and use an AWS managed key to encrypt and decrypt the data. This option is a secure way of storing sensitive data, and the cost is dependent on the usage of the AWS KMS service. However, it is important to note that using environment variables to store sensitive data may not be the best option, as they can be easily accessed by anyone with access to the AWS Management Console or API.

Option B - Use Environment variable with custom KMS key: This option is similar to option A, but instead of using an AWS managed key, you would use a custom KMS key to encrypt and decrypt the credit card number. This provides an additional layer of security, as the custom key can only be accessed by authorized users. However, the cost of using a custom key can be higher than using an AWS managed key.

Option C - Use Environment variable with Transport Layer Security (TLS): TLS is a cryptographic protocol that provides secure communication over the internet. With this option, you would store the credit card number as an environment variable in your Lambda function and use TLS to encrypt and decrypt the data. This option is a secure way of storing sensitive data, but it may not be the best option if you need to access the credit card number frequently, as the cost of using TLS can be higher than using encryption with AWS KMS.

Option D - Assign a variable with credit card information: This option is not recommended, as storing sensitive data in plaintext is not secure and could lead to a data breach. Additionally, it is not a scalable solution, as you would need to manually update the variable every time the credit card information changes.

Overall, Option B (Use Environment variable with custom KMS key) is the most secure and cost-effective way to store the credit card information in a Lambda function.