Practice free →
HomeAWS Developer Associatecloudcomputingawsdevsecurity › Which approach correctly handles environment-spe…

Which approach correctly handles environment-specific configuration (DB endpoints, feature flags) for Lambda functions deployed via SAM/CloudFormation?

AHard-code production endpoints into source code and use git branches per environment
BStore config in AWS Systems Manager Parameter Store (or Secrets Manager) and read it at runtime by IAM-permitted Lambda execution roles
CPass plain-text DB passwords in CloudFormation template files committed to a public repo
DEdit the Lambda console UI manually per environment after every deploy
Answer & Solution
Correct answer: B. Store config in AWS Systems Manager Parameter Store (or Secrets Manager) and read it at runtime by IAM-permitted Lambda execution roles
Parameter Store / Secrets Manager + IAM is the canonical pattern. Hard-coded values in code, plain-text in templates, or manual UI edits all break repeatability or leak secrets.
Solve this in the app — AWS Developer Associate practice & 24k+ MCQs →
Related questions