How should the developer retrieve the variables with the FEWEST application changes?
Update the application to retrieve the variables from AWS Systems Manager Parameter Store. Use unique paths in Parameter Store for each variable in each environment. Store the credentials in AWS Secrets Manager in each environment.
Update the application to retrieve the variables from AWS Key Management Service (AWS KMS). Store the API URL and credentials as unique keys for each environment.
Update the application to retrieve the variables from an encrypted file that is stored with the application. Store the API URL and credentials in unique files for each environment.
Update the application to retrieve the variables from each of the deployed environments. Define the authentication information and API URL in the ECS task definition as unique names during the deployment process.
Explanations:
AWS Systems Manager Parameter Store is designed to store configuration and secrets securely. By using unique paths for each environment, the application can easily retrieve the necessary variables without extensive code changes. Additionally, using AWS Secrets Manager for sensitive data like credentials provides added security and is suitable for managing secrets across multiple environments.
AWS Key Management Service (AWS KMS) is primarily used for encryption and key management rather than storing application configuration variables. While it can encrypt data, it is not designed for retrieving variables like API URLs or credentials directly, so this option would require more complex integration and code changes.
Storing variables in an encrypted file requires the application to handle file I/O operations and decryption logic, which increases complexity and necessitates application changes. Furthermore, managing multiple files for different environments can lead to errors and is less efficient than using dedicated services like Parameter Store or Secrets Manager.
Defining environment variables directly in the ECS task definition does not provide a centralized management solution for variables across multiple environments. This approach requires modifying the task definition for every environment change or deployment, leading to potential errors and increased maintenance overhead compared to using Parameter Store or Secrets Manager.