Explanation:
The optimal solution for securely storing an access token, ensuring it's encrypted and accessible across AWS accounts with minimal management overhead, is to use AWS Secrets Manager with a KMS key (option C). AWS Secrets Manager is specifically designed for managing secrets, providing built-in encryption at rest and in transit, automatic rotation of secrets, and straightforward retrieval. This reduces the operational burden compared to other options. Additionally, Secrets Manager allows for resource-based policies that can grant cross-account access, making it an efficient and secure choice for this use case.
Ultimate access to all questions.
No comments yet.
How can a developer securely store an access token for an EC2-based application, ensuring it's encrypted and accessible across AWS accounts with minimal management effort?
A
Utilize AWS Systems Manager Parameter Store with a KMS key, apply a cross-account access policy, and grant EC2 instances necessary permissions for token retrieval and decryption.
B
Employ AWS KMS for token encryption, store it in DynamoDB, and configure EC2 instances with permissions for DynamoDB access and token decryption.
C
Leverage AWS Secrets Manager with a KMS key, establish a cross-account access policy, and ensure EC2 instances have access to Secrets Manager for token decryption.
D
Use AWS KMS to encrypt the token, store it in an S3 bucket with a policy for cross-account access, and provide EC2 instances with S3 and KMS permissions for token retrieval and decryption.