AWS Certified Solutions Architect Associate SAA-C03 Practice Question
An organization is running a web service on a fleet of compute instances within a cloud environment. The service needs fine-grained access to a NoSQL database to perform select data retrieval operations. What is the MOST secure method to provision this access while adhering to best practices for credentials management?
Attach an instance profile associated with a role that has the necessary permissions to the compute instances.
Manually rotate and distribute new API keys periodically to the instances and update the service configuration accordingly.
Utilize a user management service to create unique users for every instance, granting them individual permissions to access the database.
Generate a fixed database user with credentials stored in the web service's configuration files on each instance.
Attaching an instance profile that assumes a role with the required database permissions is considered a secure and best practice approach. This way, the compute instances can proceed with actions against the database without the need to embed static credentials, significantly reducing the risk of compromised keys and improving credentials management. Instance profiles provide temporary, automatically rotated credentials that are securely delivered to instances, aligning with the principle of least privilege and reducing the risk of unauthorized database access.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.