AWS Certified Developer Associate DVA-C02 Practice Question
A developer needs to securely manage the storage and retrieval of database login credentials for an application hosted on Amazon EC2 instances. The application code requires these credentials to establish database connections at runtime. Which method is the recommended best practice for handling these credentials securely?
Create an IAM policy that grants the EC2 instance profile the necessary permissions to connect to the database without needing to store explicit credentials.
Use a secret management service like AWS Secrets Manager to store the database credentials, allowing the application to retrieve them securely at runtime.
Configure environment variables on the EC2 instances to hold the login details, and read them directly within the application when needed.
Embed the database credentials directly in the source code of the application after encrypting them with a basic encryption algorithm.
The correct method for handling sensitive login information is to utilize a dedicated secret management service, such as AWS Secrets Manager or AWS Systems Manager Parameter Store. These services provide a centralized and secure repository to store, manage, retrieve, and rotate credentials. Storing sensitive information in plaintext within application code or in environment variables on the server are insecure practices that can lead to inadvertent exposure in logs, version control, or to anyone with access to the server environment. While IAM database authentication is a secure method that uses an access policy to allow EC2 instances to connect to supported RDS databases without a password, a secret management service is the more general and recommended solution for storing and managing explicit credentials for any type of database.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a secret management service and how does it work?
Open an interactive chat with Bash
What are the risks of embedding database credentials in source code?
Open an interactive chat with Bash
How does automatic rotation of secrets improve security?
Open an interactive chat with Bash
AWS Certified Developer Associate DVA-C02
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access