A developer wants to secure sensitive configuration data such as passwords, database strings, and application license codes. Access to this sensitive information must be tracked for future audit purposes. Where should the sensitive information be stored, adhering to security best practices and operational requirements?
A) In an encrypted file on the source code bundle; grant the application access with Amazon IAM
B) In the Amazon EC2 Systems Manager Parameter Store; grant the application access with IAM
C) On an Amazon EBS encrypted volume; attach the volume to an Amazon EC2 instance to access the data
D) As an object in an Amazon S3 bucket; grant an Amazon EC2 instance access with an IAM role

Question

Quizplus · Accepted Answer

The Amazon EC2 Systems Manager Parameter Store is designed for storing configuration data and secrets securely. It provides encryption, access control via IAM, and audit logging, which aligns with the requirement to track access for audit purposes.

A Developer Wants to Secure Sensitive Configuration Data Such as Passwords