Answer-first summary for fast verification
Answer: Utilize AWS Config with a managed rule for detecting unused secrets and EventBridge for notifications.
Option B is the correct answer. The 'secretsmanager-secret-unused' AWS Config managed rule can be used to detect which secrets are not being used. Coupled with an Amazon EventBridge rule to initiate notifications when this rule is triggered, it allows the developer to identify which secrets are not in use, thereby indirectly identifying the secrets that are still active without causing any application downtime. This method leverages AWS managed services to provide accurate and timely notifications about unused secrets.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
How can a developer identify actively used secrets in AWS Secrets Manager without causing application downtime?
A
Set up AWS CloudTrail to log deliveries to S3 and CloudWatch to alarm on GetSecretValue API requests.
B
Utilize AWS Config with a managed rule for detecting unused secrets and EventBridge for notifications.
C
Temporarily deactivate secrets and monitor error logs to find which are still required.
D
Implement AWS X-Ray with a sampling rule for tracking GetSecretValue API usage.
No comments yet.