
Answer-first summary for fast verification
Answer: Utilize AWS Secrets Manager to store all keys. Set up a rotation schedule in Secrets Manager to trigger an AWS Lambda function for generating new key pairs, replacing the public keys on EC2 instances, and updating the private keys in Secrets Manager.
The correct answer is option A. Secrets Manager stores the private keys encrypted, and its rotation feature, whether run on the configured schedule or on demand with the RotateSecret API, invokes a Lambda function that generates a new key pair, installs the new public key on the EC2 instances, and stores the new private key as the next version of the secret. Because the Lambda can install the new public key before it removes the old one, both keys are valid during the switch and SSH access is never interrupted, which satisfies the requirement of less than a minute of downtime. The other options fall short: Parameter Store (B) has no rotation mechanism of its own, and a maintenance window only fires on a schedule, not on request; KMS (C) cannot hold an EC2 key pair, because KMS key material never leaves the service unencrypted and so cannot be used as an SSH private key, and KMS automatic rotation does not apply to imported key material in any case; Run Command through Fleet Manager (D) can regenerate keys on the instances but provides no secure store for the resulting private keys.
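The rotation Lambda that the explanation describes, written out as an added worked example (it is not the quiz's own code nor an AWS template). It assumes the secret's SecretString is JSON holding instance_ids, private_key and public_key; that the instances are managed by Systems Manager, so the Lambda edits authorized_keys through Run Command (AWS-RunShellScript) rather than needing an SSH key of its own; that the login user is ec2-user; and that ssh-keygen is available on the Lambda runtime (for example via a layer). The four-step order is what keeps downtime near zero: the new public key is appended beside the old one (setSecret), checked on every instance (testSecret), promoted to AWSCURRENT and only then is the old key removed (finishSecret). FakeSecrets, FakeFleet and the instance IDs in demo() are constructed stand-ins so the protocol can be exercised offline.

```python
# Secrets Manager rotation Lambda for EC2 SSH key pairs (added example, not the page's own code).
import json, pathlib, subprocess, tempfile

AK = "/home/ec2-user/.ssh/authorized_keys"  # assumed login user on the instances

def generate_keypair(comment):
    """ed25519 pair via ssh-keygen (assumed on the Lambda PATH); returns (private, public_line)."""
    with tempfile.TemporaryDirectory() as d:
        p = pathlib.Path(d, "key")
        subprocess.run(["ssh-keygen", "-q", "-t", "ed25519", "-N", "", "-C", comment, "-f", str(p)], check=True)
        return p.read_text(), p.with_suffix(".pub").read_text().strip()

class SsmFleet:
    """Edits authorized_keys through SSM Run Command, so the rotation itself never needs an SSH key."""
    def __init__(self, ssm):
        self.ssm = ssm
    def _run(self, ids, cmd):  # True only if cmd exited 0 on every instance
        cid = self.ssm.send_command(InstanceIds=ids, DocumentName="AWS-RunShellScript",
                                    Parameters={"commands": [cmd]})["Command"]["CommandId"]
        try:
            for i in ids:
                self.ssm.get_waiter("command_executed").wait(CommandId=cid, InstanceId=i)
        except Exception:  # botocore WaiterError: failed or timed out on some instance
            return False
        return True
    def add_key(self, ids, pub):  # append only: the old key keeps working until finishSecret
        if not self._run(ids, f"grep -qxF '{pub}' {AK} || echo '{pub}' >> {AK}"):
            raise RuntimeError("new key not installed on every instance")
    def has_key(self, ids, pub):
        return self._run(ids, f"grep -qxF '{pub}' {AK}")
    def remove_key(self, ids, pub):  # 'cat >' keeps owner and mode, which sshd StrictModes checks
        self._run(ids, f"grep -vxF '{pub}' {AK} > {AK}.new; cat {AK}.new > {AK}; rm {AK}.new")

def rotate(event, sm, fleet, keygen=generate_keypair):
    """One rotation step (createSecret, setSecret, testSecret, finishSecret); each is retry-safe."""
    sid, token, step = event["SecretId"], event["ClientRequestToken"], event["Step"]
    stages = sm.describe_secret(SecretId=sid).get("VersionIdsToStages", {})
    if token not in stages:
        raise ValueError(f"{token} is not a rotation candidate for {sid}")
    if "AWSCURRENT" in stages[token]:
        return "done"  # retried after completion: nothing left to do
    current = json.loads(sm.get_secret_value(SecretId=sid, VersionStage="AWSCURRENT")["SecretString"])
    if step == "createSecret":
        try:
            sm.get_secret_value(SecretId=sid, VersionId=token, VersionStage="AWSPENDING")
        except sm.exceptions.ResourceNotFoundException:  # first attempt: mint the pending version
            priv, pub = keygen(f"rotated-{token[:8]}")
            sm.put_secret_value(SecretId=sid, ClientRequestToken=token, VersionStages=["AWSPENDING"],
                                SecretString=json.dumps({**current, "private_key": priv, "public_key": pub}))
        return step
    new_pub = json.loads(sm.get_secret_value(SecretId=sid, VersionId=token,
                                             VersionStage="AWSPENDING")["SecretString"])["public_key"]
    if step == "setSecret":       # both keys accepted from here on: no login outage
        fleet.add_key(current["instance_ids"], new_pub)
    elif step == "testSecret":    # verify before anything is promoted or revoked
        if not fleet.has_key(current["instance_ids"], new_pub):
            raise RuntimeError("new key missing on an instance; AWSCURRENT left unchanged")
    elif step == "finishSecret":  # promote in Secrets Manager first, then revoke the old key
        old = next(v for v, s in stages.items() if "AWSCURRENT" in s)
        sm.update_secret_version_stage(SecretId=sid, VersionStage="AWSCURRENT",
                                       MoveToVersionId=token, RemoveFromVersionId=old)
        fleet.remove_key(current["instance_ids"], current["public_key"])
    return step

class FakeSecrets:  # in-memory stand-in for the boto3 secretsmanager client (constructed for the demo)
    class exceptions:
        ResourceNotFoundException = type("ResourceNotFoundException", (Exception,), {})
    def __init__(self, secret_string):
        self.v = {"v0": [{"AWSCURRENT"}, secret_string]}
    def describe_secret(self, SecretId):
        return {"VersionIdsToStages": {k: sorted(s) for k, (s, _) in self.v.items()}}
    def get_secret_value(self, SecretId, VersionId=None, VersionStage=None):
        for k, (s, val) in self.v.items():
            if val and VersionId in (None, k) and VersionStage in (None, *s):
                return {"SecretString": val}
        raise self.exceptions.ResourceNotFoundException(SecretId)
    def put_secret_value(self, SecretId, ClientRequestToken, SecretString, VersionStages):
        self.v[ClientRequestToken] = [set(VersionStages), SecretString]
    def update_secret_version_stage(self, SecretId, VersionStage, MoveToVersionId, RemoveFromVersionId):
        self.v[RemoveFromVersionId][0].discard(VersionStage)
        self.v[MoveToVersionId][0].add(VersionStage)

class FakeFleet(dict):  # {instance_id: set of authorized public keys}; constructed for the demo
    def add_key(self, ids, pub):
        for i in ids: self[i].add(pub)
    def has_key(self, ids, pub):
        return all(pub in self[i] for i in ids)
    def remove_key(self, ids, pub):
        for i in ids: self[i].discard(pub)

def demo():  # drive one full rotation against the fakes; returns (secrets, fleet, token)
    ids, old_pub = ["i-0123456789abcdef0", "i-0fedcba9876543210"], "ssh-ed25519 AAAAold"  # constructed
    fake_keygen = lambda c: (f"-----FAKE PRIVATE {c}-----", f"ssh-ed25519 AAAAnew {c}")  # stands in for ssh-keygen
    secrets = FakeSecrets(json.dumps({"instance_ids": ids, "private_key": "old", "public_key": old_pub}))
    fleet, token = FakeFleet({i: {old_pub} for i in ids}), "11111111-2222-3333-4444-555555555555"
    secrets.v[token] = [{"AWSPENDING"}, None]  # the service labels the new version AWSPENDING before step 1
    for step in ("createSecret", "setSecret", "testSecret", "finishSecret"):
        rotate({"SecretId": "ec2/ssh", "ClientRequestToken": token, "Step": step}, secrets, fleet, fake_keygen)
    return secrets, fleet, token
```

In the deployed function the handler is a one-liner, `rotate(event, boto3.client("secretsmanager"), SsmFleet(boto3.client("ssm")))`; its role needs secretsmanager:DescribeSecret, GetSecretValue, PutSecretValue and UpdateSecretVersionStage on the secret, plus ssm:SendCommand and ssm:GetCommandInvocation for the instances. Running `aws secretsmanager rotate-secret --secret-id ec2/ssh` drives the same four steps on request; if testSecret fails, Secrets Manager keeps the old version as AWSCURRENT and the old key is still on every instance, so a failed rotation costs no access.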
Author: LeetQuiz Editorial Team
A company operates Linux-based Amazon EC2 instances that require unique EC2 key pairs for SSH access. The company seeks to implement a key rotation policy that automatically rotates these key pairs upon request, securely stores the keys, and ensures minimal downtime of less than 1 minute during rotation. Which solution best meets these requirements?
A
Utilize AWS Secrets Manager to store all keys. Set up a rotation schedule in Secrets Manager to trigger an AWS Lambda function for generating new key pairs, replacing the public keys on EC2 instances, and updating the private keys in Secrets Manager.
B
Store all keys as strings in Parameter Store, part of AWS Systems Manager. Schedule a Systems Manager maintenance window to invoke an AWS Lambda function for generating new key pairs, replacing the public keys on EC2 instances, and updating the private keys in Parameter Store.
C
Import EC2 key pairs into AWS Key Management Service (AWS KMS) and enable automatic key rotation. Establish an Amazon EventBridge scheduled rule to trigger an AWS Lambda function for initiating key rotation in AWS KMS.
D
Integrate all EC2 instances with Fleet Manager, a feature of AWS Systems Manager. Configure a Systems Manager maintenance window to execute a Systems Manager Run Command document for generating new key pairs and rotating the public keys across all instances in Fleet Manager.