Answer-first summary for fast verification
Answer: Leverage AWS Secrets Manager with a KMS key, establish a cross-account access policy, and ensure EC2 instances have access to Secrets Manager for token decryption.
The optimal solution for securely storing an access token, ensuring it's encrypted and accessible across AWS accounts with minimal management overhead, is to use AWS Secrets Manager with a KMS key (option C). AWS Secrets Manager is specifically designed for managing secrets, providing built-in encryption at rest and in transit, automatic rotation of secrets, and straightforward retrieval. This reduces the operational burden compared to other options. Additionally, Secrets Manager allows for resource-based policies that can grant cross-account access, making it an efficient and secure choice for this use case.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
How can a developer securely store an access token for an EC2-based application, ensuring it's encrypted and accessible across AWS accounts with minimal management effort?
A
Utilize AWS Systems Manager Parameter Store with a KMS key, apply a cross-account access policy, and grant EC2 instances necessary permissions for token retrieval and decryption.
B
Employ AWS KMS for token encryption, store it in DynamoDB, and configure EC2 instances with permissions for DynamoDB access and token decryption.
C
Leverage AWS Secrets Manager with a KMS key, establish a cross-account access policy, and ensure EC2 instances have access to Secrets Manager for token decryption.
D
Use AWS KMS to encrypt the token, store it in an S3 bucket with a policy for cross-account access, and provide EC2 instances with S3 and KMS permissions for token retrieval and decryption.