Which solution meets these requirements?
Store the database user credentials in AWS Secrets Manager. Grant the necessary IAM permissions to allow the web servers to access AWS Secrets Manager.
Store the database user credentials in AWS Systems Manager OpsCenter. Grant the necessary IAM permissions to allow the web servers to access OpsCenter.
Store the database user credentials in a secure Amazon S3 bucket. Grant the necessary IAM permissions to allow the web servers to retrieve credentials and access the database.
Store the database user credentials in files encrypted with AWS Key Management Service (AWS KMS) on the web server file system. The web server should be able to decrypt the files and access the database.
Explanations:
AWS Secrets Manager is specifically designed to securely store and manage sensitive information, including database credentials. It supports automatic rotation of credentials and provides IAM permissions to control access.
AWS Systems Manager OpsCenter is not designed for storing database credentials securely. It’s primarily for managing operational issues and does not support credential rotation like Secrets Manager.
Storing credentials in an S3 bucket is not recommended for security reasons, as it does not provide the same level of credential management and rotation capabilities as Secrets Manager. Additionally, S3 bucket permissions must be managed carefully to prevent unauthorized access.
While using AWS KMS for encryption is secure, storing credentials on the web server’s file system poses security risks. This method lacks centralized management and automated credential rotation, making it less secure compared to using Secrets Manager.
I value that the answer is:
Store the database user credentials in AWS Secrets Manager. Grant the necessary IAM permissions to allow the web servers to access AWS Secrets Manager.