A company is storing an access key (access key ID and secret access key) in a text file on a custom AMI

Q & ACategory: Amazon Web ServicesA company is storing an access key (access key ID and secret access key) in a text file on a custom AMI
Admin Staff asked 3 years ago

A company is storing an access key (access key ID and secret access key) in a text file on a custom AMI. The company uses the access key to access DynamoDB tables from instances created from the AMI. The security team has mandated a more secure solution. Which solution will meet the security team’s mandate?

A. Put the access key in an S3 bucket, and retrieve the access key on boot from the instance.

B. Pass the access key to the instances through instance user data.

C. Obtain the access key from a key server launched in a private subnet.

D – IAM roles for EC2 instances allow applications running on the instance to access AWS resources without having to create and store any access keys. Any solution involving the creation of an access key then introduces the complexity of managing that secret.

1 Answers
Admin Staff answered 3 years ago

D – IAM roles for EC2 instances allow applications running on the instance to access AWS resources without having to create and store any access keys. Any solution involving the creation of an access key then introduces the complexity of managing that secret.