A company has an application that runs on Amazon EC2 instances and uses an Amazon Aurora database. The EC2 instances connect to the database by using user names and passwords that are stored locally in a file. The company wants to minimize the operational overhead of credential management.
What should a solutions architect do to accomplish this goal?
A. Use AWS Secrets Manager. Turn on automatic rotation.
B. Use AWS Systems Manager Parameter Store. Turn on automatic rotation.
C. Create an Amazon S3 bucket to store objects that are encrypted with an AWS Key Management Service (AWS KMS) encryption key. Migrate the credential file to the S3 bucket. Point the application to the S3 bucket.
D. Create an encrypted Amazon Elastic Block Store (Amazon EBS) volume for each EC2 instance. Attach the new EBS volume to each EC2 instance. Migrate the credential file to the new EBS volume. Point the application to the new EBS volume.
A
Tip: eliminate the obviously wrong options first, then choose the most reasonable option among those that are not obviously wrong.
A company has an application running on Amazon EC2 instances that connects to an Amazon Aurora database using a user name and password stored in a local file. The company wants to minimize the operational overhead of credential management. What should a solutions architect do to achieve this goal?
A. Correct. Use AWS Secrets Manager and turn on automatic rotation. AWS Secrets Manager is a service that helps you protect the secrets needed to access applications, services and IT resources. It can rotate secrets automatically, reducing the need to manage them by hand, which lowers the risk of leakage and eases the management burden. For database credentials, Secrets Manager is a very good fit: it stores the credentials securely, exposes an API through which the application retrieves them, and supports automatic rotation of the credentials to maintain security.
B. Incorrect. Use AWS Systems Manager Parameter Store and turn on automatic rotation. AWS Systems Manager Parameter Store provides a central place to store configuration data and secrets such as database credentials. Although it also supports automatic rotation for certain types of parameters, for complete management and security of database credentials Secrets Manager offers more specialised capabilities, such as finer-grained access control and integration with AWS IAM policies.
C. Incorrect. Create an Amazon S3 bucket to store objects encrypted with an AWS Key Management Service (AWS KMS) encryption key. Migrate the credential file to the S3 bucket. Point the application to the S3 bucket.
D. Incorrect. S3 is better suited to storing static data as objects; it does not rotate keys automatically, and it is not designed for storing and retrieving frequently changing secrets such as database credentials.