Which combination of steps should the solutions architect take to accomplish this?
(Choose three.)
Use Amazon EC2 instance profiles with an IAM role
Use AWS Secrets Manager to store access keys and secret access keys
Use AWS Systems Manager Parameter Store to store database credentials
Use a secure fleet of Amazon EC2 bastion hosts for remote access
Use AWS KMS to store database credentials
Use AWS Systems Manager Session Manager for remote access
Explanations:
EC2 instance profiles with an IAM role provide temporary credentials to EC2 instances, eliminating the need to store static access keys. This improves security by reducing the risk of key exposure.
AWS Secrets Manager is used to store sensitive information such as database credentials but is not necessary for storing access keys and secret access keys. AWS instance profiles with IAM roles are more suitable.
AWS Systems Manager Parameter Store is a secure and scalable way to store sensitive information like database credentials, providing a central and secure location.
Using a fleet of EC2 bastion hosts introduces additional complexity and operational overhead for remote access management. It also does not directly enhance security for database or AWS access keys.
AWS KMS is a key management service used for encryption but is not a solution for securely storing database credentials. Systems Manager Parameter Store is a better option for storing credentials.
AWS Systems Manager Session Manager allows secure remote access to EC2 instances without requiring SSH keys or open inbound ports, improving security and reducing operational complexity.