You want to securely distribute credentials for your Amazon RDS instance to your fleet of web server instances. The credentials are stored in a file that is controlled by a configuration management system. How do you securely deploy the credentials in an automated manner across the fleet of web server instances, which can number in the hundreds, while retaining the ability to roll back if needed?
A) Store your credential files in an Amazon S3 bucket. Use Amazon S3 server-side encryption on the credential files. Have a scheduled job that pulls down the credential files into the instances every 10 minutes.
B) Store the credential files in your version-controlled repository with the rest of your code. Have a post-commit action in version control that kicks off a job in your continuous integration system which securely copses the new credential files to all web server instances.
C) Insert credential files into user data and use an instance lifecycle policy to periodically refresh the file from the user data.
D) Keep credential files as a binary blob in an Amazon RDS MySQL DB instance, and have a script on each Amazon EC2 instance that pulls the files down from the RDS instance.
E) Store the credential files in your version-controlled repository with the rest of your code. Use a parallel file copy program to send the credential files from your local machine to the Amazon EC2 instances.

Question

Quizplus · Accepted Answer

Using Amazon S3 with server-side encryption ensures that the credentials are securely stored and can be distributed to instances in an automated manner. The scheduled job allows for regular updates and the ability to roll back by updating the files in S3.

You Want to Securely Distribute Credentials for Your Amazon RDS