Which solution will meet these requirements MOST cost-effectively?
Store the configuration data in an encrypted file on the source code bundle. Grant the application access by using IAM policies.
Store the configuration data in AWS Systems Manager Parameter Store. Grant the application access by using IAM policies.
Store the configuration data on an Amazon Elastic Block Store (Amazon EBS) encrypted volume. Attach the EBS volume to an Amazon EC2 instance to provide the application with access to the data.
Store the configuration data in AWS Secrets Manager. Grant the application access by using IAM policies.
Explanations:
Storing configuration data in an encrypted file within the source code bundle is not recommended due to security risks. Source code bundles could be compromised or leaked, and IAM policies are not designed to protect sensitive configuration data stored directly in code.
AWS Systems Manager Parameter Store allows secure storage of configuration data, and IAM policies can control access. It also supports versioning and auditing features, making it an ideal solution for this use case.
Storing sensitive configuration data on an Amazon EBS volume requires attaching it to an EC2 instance, which is less secure and more complex to manage. EBS is not designed for securely storing configuration data with proper access controls and auditing.
AWS Secrets Manager is designed for storing and managing sensitive information like database credentials and API keys, but the company does not need to manage key rotation, which is a primary feature of Secrets Manager. Parameter Store is a more cost-effective choice.
I plot that the answer is:
Store the configuration data in AWS Systems Manager Parameter Store. Grant the application access by using IAM policies.