A company operates Linux-based Amazon EC2 instances that require unique EC2 key pairs for SSH access. The company seeks to implement a key rotation policy that automatically rotates these key pairs upon request, securely stores the keys, and ensures minimal downtime of less than 1 minute during rotation. Which solution best meets these requirements?

Exam-Like

Utilize AWS Secrets Manager to store all keys. Set up a rotation schedule in Secrets Manager to trigger an AWS Lambda function for generating new key pairs, replacing the public keys on EC2 instances, and updating the private keys in Secrets Manager.

100.0%

Store all keys as strings in Parameter Store, part of AWS Systems Manager. Schedule a Systems Manager maintenance window to invoke an AWS Lambda function for generating new key pairs, replacing the public keys on EC2 instances, and updating the private keys in Parameter Store.

0.0%

Import EC2 key pairs into AWS Key Management Service (AWS KMS) and enable automatic key rotation. Establish an Amazon EventBridge scheduled rule to trigger an AWS Lambda function for initiating key rotation in AWS KMS.

0.0%

Integrate all EC2 instances with Fleet Manager, a feature of AWS Systems Manager. Configure a Systems Manager maintenance window to execute a Systems Manager Run Command document for generating new key pairs and rotating the public keys across all instances in Fleet Manager.

0.0%

AWS Certified Solutions Architect - Professional

Get started today

Comments