What should the solutions architect do to meet this requirement?

A development team stores its Amazon RDS MySQL DB instance user name and password credentials in a configuration file.The configuration file is stored as plaintext on the root device volume of the team’s Amazon EC2 instance.When the team’s application needs to reach the database, it reads the file and loads the credentials into the code.The team has modified the permissions of the configuration file so that only the application can read its content.A solutions architect must design a more secure solution.

What should the solutions architect do to meet this requirement?

Store the configuration file in Amazon S3. Grant the application access to read the configuration file.

Create an IAM role with permission to access the database. Attach this IAM role to the EC2 instance.

Enable SSL connections on the database instance. Alter the database user to require SSL when logging in.

Move the configuration file to an EC2 instance store, and create an Amazon Machine Image (AMI) of the instance. Launch new instances from this AMI.

Explanations:

Storing the credentials in Amazon S3 is not a secure solution because S3 is not intended for securely storing sensitive information such as credentials, even with restricted access.

Assigning an IAM role with permissions to the EC2 instance allows the application to securely access the database without needing hard-coded credentials in a file on the instance.

Enabling SSL for the database connection secures data in transit but does not eliminate the need to securely manage and access the database credentials on the EC2 instance.

Moving the configuration file to an instance store or creating an AMI does not improve security for credentials; the credentials are still stored on the instance, which is not secure.

Learn & move to cloud

What should the solutions architect do to meet this requirement?

Explanations:

Leave a Reply Cancel reply