Explanation:
AWS Secrets Manager is purpose-built for securely storing, rotating, and managing credentials, eliminating hard-coded secrets. Granting the Glue job's IAM execution role specific access to retrieve the secret ensures least-privilege access — the job retrieves credentials dynamically at runtime without exposing them in code, job parameters, or S3 config files.
Ultimate access to all questions.
During a security review, a company identified a vulnerability in an AWS Glue job. The company discovered that credentials to access an Amazon Redshift cluster were hard coded in the job script. A data engineer must remediate the security vulnerability in the AWS Glue job. The solution must securely store the credentials. Which combination of steps should the data engineer take to meet these requirements? (Select TWO.)
A
Store the credentials in the AWS Glue job parameters.
B
Store the credentials in a configuration file that is in an Amazon S3 bucket.
C
Access the credentials from a configuration file that is in an Amazon S3 bucket by using the AWS Glue job.
D
Store the credentials in AWS Secrets Manager.
E
Grant the AWS Glue job IAM role access to the stored credentials.
No comments yet.