AWS Lambda Security at Rest and in Transit

AWS Lambda always provides server-side encryption at rest with an AWS KMS key. By default, Lambda uses an AWS managed key. If this default behavior suits your workflow, you don’t need to set anything else up. Lambda creates the AWS managed key in your account and manages permissions to it for you. AWS doesn’t charge you to use this key.

Edit environment variables page, choose Encryption configuration, and check the Enable helpers for encryption in transit setting status available under Encryption in transit. If the Enable helpers for encryption in transit…