How should a solutions architect meet these requirements while ensuring the sensor data is secure?

By:
In: SAP-C01
Tagged:
With: 1 Comment
A company that tracks medical devices in hospitals wants to migrate its existing storage solution to the AWS Cloud.The company equips all of its devices with sensors that collect location and usage information.This sensor data is sent in unpredictable patterns with large spikes.The data is stored in a MySQL database running on premises at each hospital.The company wants the cloud storage solution to scale with usage.The company’s analytics team uses the sensor data to calculate usage by device type and hospital.The team needs to keep analysis tools running locally while fetching data from the cloud.The team also needs to use existing Java application and SQL queries with as few changes as possible.

How should a solutions architect meet these requirements while ensuring the sensor data is secure?

Store the data in an Amazon Aurora Serverless database. Serve the data through a Network Load Balancer (NLB). Authenticate users using the NLB with credentials stored in AWS Secrets Manager.

Store the data in an Amazon S3 bucket. Serve the data through Amazon QuickSight using an IAM user authorized with AWS Identity and Access Management (IAM) with the S3 bucket as the data source.

Store the data in an Amazon Aurora Serverless database. Serve the data through the Aurora Data API using an IAM user authorized with AWS Identity and Access Management (IAM) and the AWS Secrets Manager ARN.

Store the data in an Amazon S3 bucket. Serve the data through Amazon Athena using AWS PrivateLink to secure the data in transit.

Explanations:

While Amazon Aurora Serverless could handle unpredictable workloads and scale with usage, serving the data through a Network Load Balancer (NLB) is not appropriate for database access. NLB is typically used for load balancing TCP traffic, not for direct database connections. Furthermore, user authentication via NLB does not fit standard practices for database access, making this option not suitable.

Storing data in an Amazon S3 bucket is suitable for large-scale data storage but does not fulfill the requirement of using existing SQL queries and a Java application with minimal changes. Additionally, using Amazon QuickSight for analysis does not support SQL queries directly against MySQL or Aurora, limiting its utility for the analytics team.

Amazon Aurora Serverless can handle variable workloads and automatically scale with demand. The Aurora Data API allows for easy access to the database over HTTP, enabling the existing Java application and SQL queries to function with minimal changes. Using IAM for authentication and AWS Secrets Manager for credential management ensures secure access to the database.

Storing data in an S3 bucket and serving it through Amazon Athena is suitable for ad-hoc querying and analysis. However, this approach does not support the requirement for the existing Java application and SQL queries, as Athena uses a different SQL dialect. Although AWS PrivateLink secures data in transit, the option does not fully meet the need for minimal changes to the existing tools and queries.

2025-10-04

1 Comment

  1. Kathy
    Author

    I have a feeling that the answer is:
    Store the data in an Amazon Aurora Serverless database. Serve the data through the Aurora Data API using an IAM user authorized with AWS Identity and Access Management (IAM) and the AWS Secrets Manager ARN.

Leave a Reply

Your email address will not be published. Required fields are marked *

7 + fifteen =