An online survey company operates a distributed application consisting of microservices within the AWS Cloud. These microservices are managed by an automatically scaled Amazon Elastic Container Service (ECS) cluster, which is targeted by an Application Load Balancer (ALB). The ALB serves as a custom origin for an Amazon CloudFront distribution. The company's survey includes sensitive data that must be encrypted during transmission through the application. Specifically, only the data-handling microservice should have the capability to decrypt this sensitive data. What solution will effectively meet these security requirements?

Exam-Like

Create a dedicated symmetric AWS Key Management Service (KMS) key for the data-handling microservice. Configure a field-level encryption profile and its associated settings, then link the KMS key and these settings to the CloudFront cache behavior.

28.6%

Generate an RSA key pair exclusively for the data-handling microservice. Upload the public key to the CloudFront distribution, establish a field-level encryption profile and configuration, and incorporate this configuration into the CloudFront cache behavior.

28.6%

Develop a dedicated symmetric AWS Key Management Service (KMS) key for the data-handling microservice. Implement a Lambda@Edge function that is programmed to utilize the KMS key for encrypting the sensitive data.

28.6%

Forge an RSA key pair specifically for the data-handling microservice. Develop a Lambda@Edge function that is configured to employ the private key from the RSA key pair to encrypt the sensitive data.

14.3%

AWS Certified Solutions Architect - Professional

Get started today

Comments