Answer - B and D.
Option A is incorrect.
The connection string is assigned to an environment variable within a Lambda function.
We cannot directly put the connection string into the lambda function.
Option B is correct.
The connection string is assigned to an environment variable within a Lambda function.
Option C is incorrect.
You need to enable encryption for the environment variable and not the lambda function.
Option D is correct.
You need to enable encryption for the environment variable.
You can do this via Environment variables as mentioned in the AWS Documentation.
Expand the Environment variables section.
Enter your key-value pair.
Expand the Encryption configuration section.
Note that Lambda provides a default service key under the KMS key to encrypt at rest which encrypts your information after uploading.
If the information you provided is sensitive, you can additionally check the Enable helpers for encryption in transit checkbox and supply a custom key.
This masks the value you entered and results in a call to AWS KMS to encrypt the value and return it as Ciphertext.
If you haven't created a KMS key for your account, you will be provided a link to the AWS IAM console to create one.
The account must have encrypt and decrypt permissions for that key.
Note that the Encrypt button toggles to Decrypt after you choose it.
This affords you the option to update the information.
Once you have done that, choose the Encrypt button.
The Code button provides sample decrypt code specific to the runtime of your Lambda function that you can use with your application.
