
Answer-first summary for fast verification
Answer: Use AWS Secrets Manager with a customer master key for encryption and automatic rotation. Retrieve secrets with EC2 user data scripts and export as environment variables.
Option D is correct because AWS Secrets Manager is the service built for this job: it encrypts secrets at rest with a KMS key (the customer master key, or CMK, which AWS now calls a customer managed key), rotates them on a schedule through a rotation Lambda function for which AWS supplies templates, and serves them through a single GetSecretValue API call. An EC2 user data script that calls that API at boot and exports the values as environment variables satisfies the retrieval requirement with a few lines of shell rather than custom tooling. Two practical points for anyone implementing it: the instance profile needs secretsmanager:GetSecretValue on the secret and kms:Decrypt on the key, and because user data runs only at initial launch, instances started before a rotation keep the old value until they are replaced (for example by an Auto Scaling instance refresh) or the application re-reads the secret.

The other options either need more development effort or miss a requirement. Option A: S3 Object Lambda transforms objects as they are retrieved; it does not rotate anything, so monthly rotation would still be custom code. Option B: Parameter Store SecureString parameters are encrypted with KMS, but Parameter Store has no native rotation, so the monthly rotation is a Lambda function you write and maintain yourself. Option C: base64 is an encoding, not encryption, so the secrets are not encrypted at rest, and rotation is handled in application code.
Author: LeetQuiz Editorial Team
A company operates a payment application on EC2 instances with an Application Load Balancer, using an Auto Scaling group spanning multiple AZs. The application requires encrypted secrets at rest, fetched as environment variables during startup, and rotated monthly. Identify the solution with minimal development effort.
A
Encrypt secrets in a text file stored in S3, using a customer-managed key. Read and export file contents as environment variables. Automate monthly rotation with S3 Object Lambda.
B
Utilize AWS Systems Manager Parameter Store with the default KMS key for secret strings. Use EC2 user data scripts for startup retrieval and environment variable export. Set up a Lambda function for monthly secret rotation.
C
Encode secrets in base64 and store as environment variables in app properties. Reference and rotate secrets in the application code.
D
Use AWS Secrets Manager with a customer master key for encryption and automatic rotation. Retrieve secrets with EC2 user data scripts and export as environment variables.
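The retrieval step in option D, written out as an added example that is not part of the original question or the LeetQuiz editorial. It assumes a secret whose SecretString is a flat JSON object mapping environment variable names to values (the secret name `payment-app/prod/db` is hypothetical), and it renders the values as shell-quoted `export` lines so a user data script can source the output. The boto3 client is created only when the file is run directly, so the parsing and rendering functions run offline against any object that offers the same `get_secret_value` method.

```python
"""Fetch a Secrets Manager secret at instance start-up and emit `export` lines.

Added example, not from the original page. Assumes the secret's SecretString is
a flat JSON object such as {"DB_USER": "app", "DB_PASSWORD": "..."}; the secret
name used below is hypothetical. Intended use from EC2 user data:
    python3 secret_env.py payment-app/prod/db > /etc/profile.d/payment-app.sh
The instance profile needs secretsmanager:GetSecretValue on the secret and
kms:Decrypt on the customer managed key that encrypts it.
"""
import json
import re
import shlex
import sys

# POSIX-portable environment variable name; anything else is rejected so a
# hostile key in the secret cannot inject shell syntax into the export file.
ENV_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def secret_payload(response):
    """Return the secret text from a GetSecretValue response.

    Secrets Manager returns either SecretString (text) or SecretBinary; boto3
    hands SecretBinary back as raw bytes with the base64 wire encoding already
    undone, so only a UTF-8 decode is needed here.
    """
    if "SecretString" in response:
        return response["SecretString"]
    if "SecretBinary" in response:
        return response["SecretBinary"].decode("utf-8")
    raise ValueError("response carries neither SecretString nor SecretBinary")


def secret_to_env(payload):
    """Parse the JSON secret into a {NAME: value} dict of strings."""
    data = json.loads(payload)
    if not isinstance(data, dict):
        raise ValueError("secret must be a JSON object of NAME: value pairs")
    env = {}
    for name, value in data.items():
        if not ENV_NAME.match(name):
            raise ValueError(f"not a valid environment variable name: {name!r}")
        # Non-string values (numbers, booleans, nested objects) are kept as JSON text.
        env[name] = value if isinstance(value, str) else json.dumps(value)
    return env


def render_exports(env):
    """Render `export NAME=value` lines, one per variable, in sorted order.

    shlex.quote makes the assignment safe to source with /bin/sh even when a
    secret contains spaces, quotes or `$`.
    """
    return "".join(f"export {k}={shlex.quote(v)}\n" for k, v in sorted(env.items()))


def fetch_exports(secret_id, client):
    """Retrieve one secret and return its export lines.

    `client` is a boto3 Secrets Manager client, or any object exposing the same
    get_secret_value(SecretId=...) method (useful for offline testing).
    """
    response = client.get_secret_value(SecretId=secret_id)
    return render_exports(secret_to_env(secret_payload(response)))


def main(argv):
    import boto3  # imported here so the helpers above stay importable offline

    if len(argv) != 2:
        sys.stderr.write("usage: secret_env.py <secret-id>\n")
        return 2
    client = boto3.client("secretsmanager")
    sys.stdout.write(fetch_exports(argv[1], client))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Writing the exports to a file under `/etc/profile.d/` (mode 0600, owned by the service account) rather than echoing them into the user data log keeps the secret values out of the instance console output; the file can be regenerated by the same script from a systemd unit or cron job if the application should pick up a rotated value without an instance replacement.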