An application is implemented in the AWS platform.
Its automation test suites include test cases for different environments such as system test, staging and production.
The test scripts contain usernames and passwords to sign in to the application.
As the test scripts are saved in Github, it has some security issues.
You plan to store the credentials in the Systems Manager Parameter Store instead.
Which benefits can this approach bring? (Select TWO.)
Click on the arrows to vote for the correct answer
A. B. C. D. E.Correct Answer - B, C.
Parameter Store allows you to separate the secrets and configuration data from the test scripts.
Check the Parameter Store features in https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html.
Option A is incorrect: Because the stored passwords do not rotate automatically.
This is a feature of Secrets Manager instead of Parameter Store.
Option B is CORRECT: Check https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-access.html for how to control the access by IAM.
Option C is CORRECT: Because AWS CloudTrail can be used to monitor and audit how parameters in Parameter Store are used.
Option D is incorrect: Because Parameter Store does support versioning.
You can specify a parameter name and a specific version number in API calls and SSM documents.
Option E is incorrect: Because Parameter Store does not automatically rotate the parameter values.
This is unlike the AWS Secrets Manager service.
The proposed solution is to store the credentials used by the application's automation test suites in the Systems Manager Parameter Store rather than in Github. The benefits of using this approach are:
A. The stored passwords can be automatically rotated every year, and the test cases do not need to be changed when using the passwords. Automatically rotating the passwords every year can increase the security of the application by ensuring that passwords are not stale and have not been compromised. Using the Parameter Store eliminates the need to change the test cases when passwords are rotated, which can save time and reduce the risk of errors.
B. You can use IAM policies to restrict access to the API operations for the parameters such as GetParameter. IAM policies can be used to control access to Parameter Store API operations such as GetParameter. This allows you to restrict access to the credentials stored in the Parameter Store, which can increase the security of the application.
C. Parameter Store integrates with CloudTrail so that operations for the parameters are recorded. CloudTrail can be used to record the operations performed on the Parameter Store. This can help with auditing and compliance by providing a record of who accessed the credentials, when they accessed them, and what they did with them.
D. To make sure that the parameter values in Parameter Store are always returned correctly, there is no versioning for the parameters, and the values are overwritten when updated. Parameter Store does not provide versioning for parameters. When a parameter is updated, the previous value is overwritten. This means that there is no way to retrieve previous versions of a parameter value. This may or may not be an issue depending on the specific use case.
E. Parameter values stored in Parameter Store can be automatically rotated every year so that you do not need to rotate the credentials manually. Parameter Store provides a feature called Parameter Store Secure String that allows you to automatically rotate the values of a parameter every year. This feature can help improve the security of the application by ensuring that the credentials used by the automation test suites are not stale and have not been compromised.