Storing and Rotating Database Credentials in Amazon EC2: Best Practices

Question

A database administrator is looking for options to store the credentials of a database running on an Amazon EC2 instance.

To meet security guidelines, the credentials need to be rotated regularly.

The instances are already integrated with AWS Systems Manager Parameter Store for storing configuration files.

The team lead is looking for a consistent way to call secrets from the existing configuration scripts. What can be done to achieve this requirement?

Explanations

Correct Answer: D.

Since the credentials must be rotated, AWS Secrets Manager is the option to store them.

Secrets stored in AWS Secrets Manager can be referenced from Parameter Store using the path /aws/reference/secretsmanager/secret_Id_in_Secret_manager.

Options A and C are incorrect.

Since rotation of the secret is required, the secret must be created in AWS Secrets Manager, not in Parameter Store.

Option B is incorrect because the reference path it gives is wrong.

For more information on AWS Systems Manager Parameter Store, refer to the following URLs:

https://docs.aws.amazon.com/systems-manager/latest/userguide/integration-ps-secretsmanager.html
https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html

The best option to store and rotate the database credentials of an Amazon EC2 instance while complying with security guidelines is AWS Secrets Manager, a service for storing and managing secrets such as database credentials, API keys, and other sensitive data used by your applications.

Option B is the correct answer. To achieve this requirement, the steps are:

  1. Create a secret in AWS Secrets Manager: The database administrator creates the secret in the AWS Secrets Manager console or with the AWS CLI. The secret holds the database credentials, such as the username and password, and any other sensitive data that needs to be stored.

  2. Store the secret in AWS Secrets Manager: The secret is stored encrypted at rest and is accessible only to authorized users or applications.

  3. Create a reference path in Parameter Store: The reference path is what the existing configuration scripts call to obtain the secret. It uses the syntax /aws/reference/secretsmanager/secrets_id, where secrets_id is the ID of the secret created in step 1.

  4. Retrieve the secret using the reference path: The configuration scripts retrieve the secret by reading the reference path created in step 3. AWS Secrets Manager handles the decryption and rotation of the secret, so the credentials the scripts receive are always the current ones.
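The retrieval in steps 3 and 4 (and the path form given in the first explanation above), shown as an added example that is not part of the original page or of any AWS sample code. It builds the /aws/reference/secretsmanager/ name, fetches it through the SSM get_parameter call with WithDecryption=True (which the AWS documentation requires for Secrets Manager references), and parses the JSON SecretString that database secrets carry. The FakeSSM class, the secret id prod/app-db and the credential values are constructed so the script runs offline; in production the same fetch_db_credentials function takes boto3.client("ssm") instead.

```python
import json

# Prefix Parameter Store uses to reference a Secrets Manager secret (from the AWS docs above).
SECRETS_MANAGER_PREFIX = "/aws/reference/secretsmanager/"


def reference_path(secret_id: str) -> str:
    """Build the Parameter Store name that resolves to a Secrets Manager secret.

    The leading slash is part of the syntax: "aws/reference/..." without it is
    exactly the wrong form the explanation above rejects.
    """
    secret_id = secret_id.strip("/")
    if not secret_id:
        raise ValueError("secret id must not be empty")
    return SECRETS_MANAGER_PREFIX + secret_id


def is_secrets_manager_reference(name: str) -> bool:
    """True if the parameter name is a well-formed Secrets Manager reference."""
    return name.startswith(SECRETS_MANAGER_PREFIX) and len(name) > len(SECRETS_MANAGER_PREFIX)


def fetch_db_credentials(ssm_client, secret_id: str) -> dict:
    """Resolve a secret through Parameter Store and return its JSON fields.

    ssm_client is any object with boto3's SSM get_parameter(Name=..., WithDecryption=...)
    signature; in production that is boto3.client("ssm"). Because the scripts read the
    reference path on every run, a rotated password arrives without any script change.
    """
    name = reference_path(secret_id)
    resp = ssm_client.get_parameter(Name=name, WithDecryption=True)
    creds = json.loads(resp["Parameter"]["Value"])
    for key in ("username", "password"):
        if key not in creds:
            raise KeyError(f"secret {secret_id!r} is missing required field {key!r}")
    return creds


class FakeSSM:
    """Constructed stand-in for boto3's SSM client so the example runs offline.

    It mimics two behaviours of the real service that matter here: a name without the
    /aws/reference/secretsmanager/ prefix is not found, and a reference fetched without
    WithDecryption=True is rejected.
    """

    def __init__(self, secrets: dict):
        self._secrets = {k: dict(v) for k, v in secrets.items()}

    def rotate(self, secret_id: str, new_password: str) -> None:
        # Models a Secrets Manager rotation: the current value changes, the path does not.
        self._secrets[secret_id]["password"] = new_password

    def get_parameter(self, Name: str, WithDecryption: bool = False) -> dict:
        if not is_secrets_manager_reference(Name):
            raise LookupError(f"ParameterNotFound: {Name}")
        if not WithDecryption:
            raise ValueError("WithDecryption=True is required for Secrets Manager references")
        secret_id = Name[len(SECRETS_MANAGER_PREFIX):]
        if secret_id not in self._secrets:
            raise LookupError(f"ParameterNotFound: {Name}")
        return {"Parameter": {"Name": Name, "Type": "SecureString",
                              "Value": json.dumps(self._secrets[secret_id])}}


if __name__ == "__main__":
    # Constructed secret; real database secrets use the same JSON field names.
    store = FakeSSM({"prod/app-db": {"username": "app", "password": "initial-pw",
                                     "host": "db.internal.example", "port": 5432}})
    creds = fetch_db_credentials(store, "prod/app-db")
    print(creds["username"], creds["host"], creds["port"])
    store.rotate("prod/app-db", "rotated-pw")
    print(fetch_db_credentials(store, "prod/app-db")["password"])
```

Two points the example makes explicit: the reference is read-only (Parameter Store only resolves the secret; creating and rotating it happens in Secrets Manager), and the caller's IAM identity needs permission on both sides, ssm:GetParameter for the reference path and secretsmanager:GetSecretValue for the secret itself, so an EC2 instance role that only has Parameter Store access will fail the fetch.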

Option A is incorrect because it uses the wrong reference path syntax. The correct syntax is /aws/reference/secretsmanager/secrets_id.

Option C is incorrect because it uses the wrong service name in the reference path. The secret is created in AWS Secrets Manager, not in Parameter Store.

Option D is incorrect because it uses the wrong reference path syntax. The correct syntax is /aws/reference/secretsmanager/secrets_id, not aws/reference/secretsmanager/secrets_id.

In summary, Option B is the correct answer: it follows the best practice of storing and rotating secrets in AWS Secrets Manager, and it references the secret through a Parameter Store path so that the existing configuration scripts can retrieve it without change.