Answer-first summary for fast verification
Answer: Utilize AWS Secrets Manager for credential storage, encrypt with AWS KMS, automate rotation, and grant ECS Fargate access via IAM.
The most secure and low-overhead method for credential storage and rotation in this scenario is to use AWS Secrets Manager. AWS Secrets Manager provides robust features for encrypting secrets with an AWS KMS key, automating periodic rotation, and granting access permissions through IAM roles and policies. Option D, which suggests migrating the credentials to AWS Secrets Manager, encrypting them with an AWS KMS key, turning on secret rotation, and setting IAM policies for ECS Fargate access, is the correct answer.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
An AWS-hosted application uses Amazon ECS with Fargate, an Application Load Balancer, and Amazon Aurora for its database. The company seeks a secure, low-overhead method for credential storage and rotation. Which approach best meets these criteria?
A
Move credentials to Amazon RDS parameter groups, encrypt with AWS KMS, enable rotation, and set IAM for KMS access to RDS.
B
Use AWS Systems Manager Parameter Store for credentials, encrypt with AWS KMS, rotate secrets, and configure IAM for ECS Fargate to access Secrets Manager.
C
Store credentials in ECS Fargate environment variables, encrypt with AWS KMS, implement rotation, and use IAM for Fargate access to Secrets Manager.
D
Utilize AWS Secrets Manager for credential storage, encrypt with AWS KMS, automate rotation, and grant ECS Fargate access via IAM.
No comments yet.