AWS SAP-C02 · Question 67 · Domain 2.3: Security Controls
An architect is designing a secure CI/CD pipeline using AWS CodePipeline, CodeBuild, and CodeDeploy. The pipeline needs to deploy an application to an Auto Scaling group of EC2 instances. The EC2 instances must retrieve highly sensitive database credentials during the deployment process. Which THREE security practices should be implemented? (Select THREE)
Answer options:
Store the database credentials in AWS Secrets Manager.
Assign an IAM instance profile to the EC2 instances with permissions to read the specific secret.
Encrypt the secret in Secrets Manager using a Customer Managed KMS Key (CMK).
Store the credentials as plaintext environment variables in the CodeBuild buildspec.yml file.
Create an IAM user for the application, generate access keys, and store them on the EC2 instances.
Pass the credentials as parameters in the CodeDeploy appspec.yml file.
Expert