Secure Architecture I

Prepare yourself for the AWS Certified Solutions Architect Associate SAA-C03 Certificate exam by tackling practice questions related to IAM roles, IAM groups, AWS Organizations, AWS Control Tower, AWS Firewall Manager, and Amazon Cognito to design secure architectures.

Question 18

A company has a microservices architecture deployed on Amazon ECS. Each service needs to access different AWS resources, such as S3 buckets and DynamoDB tables. Security best practices and compliance requirements dictate that no long-term credentials should be embedded in the code, and the credentials should be rotated automatically.

As a solutions architect, recommend a solution with the least operational overhead that provides credentials to the microservices.

A. Use AWS Secrets Manager to store the credentials and update the services to retrieve them programmatically.

B. Attach IAM roles to the ECS tasks to grant the necessary permissions to each service.

C. Store the credentials in a KMS-encrypted S3 bucket and configure the services to retrieve them on startup.

D. Embed the credentials in the container images and redeploy the services whenever the credentials change.
