Correct answer - "Envelope Encryption and store as file within the code" : AWS Lambda environment
variables have a maximum size of a few KB. Additionally, the direct 'Encrypt' API of KMS also
has a few KB limit. To encrypt 1 MB, you need to use the Encryption SDK and pack the encrypted
file with the lambda function.
Incorrect:
"KMS direct encryption and store as file" - You can encrypt up to 4 kilobytes (4096 bytes) of
arbitrary data such as an RSA key, a database password, or other sensitive information
"Envelope Encryption and store as environment variable" - Environment variables must not exceed 4
KB
"KMS Encryption and store as environment variable" -You can encrypt up to 4 kilobytes (4096
bytes) of arbitrary data such as an RSA key, a database password, or other sensitive
information. Environment variables must not exceed 4 KB