Storing and Rotating Database Credentials in Amazon EC2 | AWS SysOps Administrator Exam

Securely Manage Database Credentials on Amazon EC2 | AWS Certified SysOps Administrator - Associate

Question

The database administrator is looking for options to store credentials for a database configured in the Amazon EC2 instance.

To meet security guidelines, credentials need to be rotated regularly.

These instances are already integrated with the AWS Parameter store for storing configuration files.

Team Lead is looking for a consistent way to call secrets from the existing configuration scripts. What can be done to achieve this requirement?

Answers

Explanations


Correct Answer: D.

Since rotation of the credentials is required, AWS Secrets Manager is the appropriate service for storing them.

Secrets stored in AWS Secrets Manager can be referenced from the Parameter Store using the path /aws/reference/secretsmanager/secret_Id_in_Secret_manager.

Options A & C are incorrect.

Since secret key rotation is required, you need to create the secret in AWS Secrets Manager, not in the Parameter Store.

Option B is incorrect as the reference path is incorrect.

For more information on AWS Systems Manager Parameter Store, refer to the following URLs:

https://docs.aws.amazon.com/systems-manager/latest/userguide/integration-ps-secretsmanager.html

https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html

The correct answer is D. Create a secret in AWS Secrets Manager and use the reference path /aws/reference/secretsmanager/secrets_id from the Parameter Store.

Explanation:

AWS Secrets Manager is a secrets management service that enables you to store and control access to credentials, passwords, and other secrets. It allows you to store the credentials securely and access them through an API call. The secrets can be automatically rotated based on a schedule, so the credentials are automatically updated without any manual intervention.

AWS Systems Manager Parameter Store is a service for storing configuration data, such as database connection strings, passwords, and other values. It is similar to AWS Secrets Manager, but it does not provide as much control over the secrets, such as automated rotation.

To meet the requirement of regularly rotating credentials for a database configured in an Amazon EC2 instance, the best option is to use AWS Secrets Manager. This service provides an easy way to store and manage secrets, and the credentials can be rotated automatically based on a schedule.

To call secrets from the existing configuration scripts, you can use the following reference path: /aws/reference/secretsmanager/secrets_id. This path references the secret stored in AWS Secrets Manager and can be used in the existing configuration scripts.
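The following is an added example, not code from the original page: it shows how a configuration script would read a Secrets Manager secret through the Parameter Store reference path, and why fetching right before each database connection (rather than caching at boot) is what makes scheduled rotation work. It assumes the secret is stored as a JSON string with "username" and "password" keys (the shape Secrets Manager uses for database secrets), that the caller supplies an SSM client with a boto3-compatible get_parameter() method, and that the secret id "prod/app/db", the credential values and the FakeRotatingSsmClient stand-in are all constructed for offline use.

```python
"""Read a database credential that lives in AWS Secrets Manager through the
Parameter Store reference path described in the answer above.

Added example (not from the original page). Assumes a JSON secret with
"username" and "password" keys and a boto3-compatible SSM client; the secret
id "prod/app/db" and the passwords below are constructed sample data.
"""
import json

SECRETS_MANAGER_PREFIX = "/aws/reference/secretsmanager/"


def secret_parameter_name(secret_id: str) -> str:
    """Build the Parameter Store name that resolves to a Secrets Manager secret.

    Parameter Store forwards reads under this prefix to Secrets Manager, so the
    existing scripts keep calling SSM while the value is owned (and rotated) by
    Secrets Manager. The leading slash is mandatory; a path such as
    "aws/reference/secretsmanager/..." is not a valid parameter name.
    """
    if not secret_id or secret_id.startswith("/"):
        raise ValueError("secret_id must be the Secrets Manager name or ARN, without a leading slash")
    return SECRETS_MANAGER_PREFIX + secret_id


def is_secrets_manager_reference(parameter_name: str) -> bool:
    """True only for a correctly formed reference path (leading slash included)."""
    return (parameter_name.startswith(SECRETS_MANAGER_PREFIX)
            and len(parameter_name) > len(SECRETS_MANAGER_PREFIX))


def fetch_db_credentials(ssm_client, secret_id: str) -> dict:
    """Fetch the current secret value via SSM and return username/password.

    WithDecryption=True is required for reference paths. Because the value is
    read from Secrets Manager on every call, a script that fetches immediately
    before opening a database connection picks up rotated credentials without a
    restart; a value cached at boot would go stale at the next rotation.
    """
    response = ssm_client.get_parameter(
        Name=secret_parameter_name(secret_id), WithDecryption=True
    )
    secret = json.loads(response["Parameter"]["Value"])
    missing = {"username", "password"} - set(secret.keys())
    if missing:
        raise KeyError(f"secret is missing fields: {sorted(missing)}")
    return {"username": secret["username"], "password": secret["password"]}


class FakeRotatingSsmClient:
    """Constructed stand-in for boto3's SSM client, so the example runs offline.

    It serves only the reference path, insists on WithDecryption, and swaps in a
    new password after the first read to mimic a rotation happening between
    two calls from the script.
    """

    def __init__(self):
        self._passwords = ["pw-before-rotation", "pw-after-rotation"]
        self.calls = 0

    def get_parameter(self, Name, WithDecryption=False):
        if not is_secrets_manager_reference(Name):
            raise ValueError(f"ParameterNotFound: {Name}")
        if not WithDecryption:
            raise ValueError("reference paths must be read with WithDecryption=True")
        index = min(self.calls, len(self._passwords) - 1)
        self.calls += 1
        value = json.dumps({"username": "app_user", "password": self._passwords[index]})
        return {"Parameter": {"Name": Name, "Type": "SecureString", "Value": value}}


def passwords_across_rotation(ssm_client, secret_id: str) -> list:
    """Fetch twice to show that re-reading before each connection sees the rotation."""
    first = fetch_db_credentials(ssm_client, secret_id)["password"]
    second = fetch_db_credentials(ssm_client, secret_id)["password"]
    return [first, second]


if __name__ == "__main__":
    client = FakeRotatingSsmClient()
    print(secret_parameter_name("prod/app/db"))
    print(passwords_across_rotation(client, "prod/app/db"))
```

Against a real account the same functions work unchanged with `boto3.client("ssm")` in place of the fake client, provided the instance role is allowed both `ssm:GetParameter` on the reference path and `secretsmanager:GetSecretValue` on the secret, since Parameter Store performs the Secrets Manager read on the caller's behalf.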

Option A is incorrect because it references the secret stored in AWS Parameter Store instead of AWS Secrets Manager.

Option B is incorrect because it uses a reference path to the secrets_id in AWS Parameter Store instead of AWS Secrets Manager.

Option C is incorrect because it references the secret stored in AWS Secrets Manager, but the reference path is incorrect. It should be /aws/reference/secretsmanager/secrets_id instead of aws/reference/secretsmanager/secrets_id.