Where should you store your API credentials whilst maintaining the maximum level of security?

Posted by: Pdfprep Category: SCS-C01

You are working in the media industry and you have created a web application where users will be able to upload photos they create to your website. This web application must be able to call the S3 API in order to be able to function.

Where should you store your API credentials whilst maintaining the maximum level of security?

A. Save the API credentials to your PHP files.

B. Don’t save your API credentials, instead create a role in IAM and assign this role to an EC2 instance when you first create it.

C. Save your API credentials in a public Github repository.

D. Pass API credentials to the instance using instance userdata.

Answer: B

Explanation:

Applications must sign their API requests with AWS credentials. Therefore, if you are an application developer, you need a strategy for managing credentials for your applications that run on EC2 instances. For example, you can securely distribute your AWS credentials to the instances, enabling the applications on those instances to use your credentials to sign requests, while protecting your credentials from other users. However, it’s challenging to securely distribute credentials to each instance, especially those that AWS creates on your behalf, such as Spot Instances or instances in Auto Scaling groups. You must also be able to update the credentials on each instance when you rotate your AWS credentials.

IAM roles are designed so that your applications can securely make API requests from your instances, without requiring you to manage the security credentials that the applications use.

Options A, C and D are invalid because using AWS credentials directly in an application in production goes against the recommendation for secure access.

For more information on IAM Roles, please visit the below URL:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

The correct answer is: Don’t save your API credentials. Instead create a role in IAM and assign this role to an EC2 instance when you first create it.
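A defensive check for the patterns that options A and D describe, as an added example that is not part of the original page: it scans file contents for embedded AWS access keys before they reach a repository or an instance. The file names and sample contents are constructed, and the key values are the placeholder pair used in AWS documentation.

```python
import re

# Long-term IAM user key IDs start with "AKIA"; temporary keys issued through
# STS (the kind an instance role supplies) start with "ASIA".
ACCESS_KEY_ID = re.compile(r"\b(AKIA|ASIA)[A-Z0-9]{16}\b")
# A 40-character value assigned to a name containing "secret".
SECRET_KEY = re.compile(
    r"(?i)secret\w*[\"'\s]*(?:=>|=|:)\s*[\"']?[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])"
)
KINDS = {"AKIA": "long-term access key ID", "ASIA": "temporary access key ID"}


def scan(name, text):
    """Return (file, line number, kind) for each suspected embedded credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = ACCESS_KEY_ID.search(line)
        if match:
            findings.append((name, lineno, KINDS[match.group(1)]))
        if SECRET_KEY.search(line):
            findings.append((name, lineno, "secret access key"))
    return findings


# Constructed sample for option A: keys written into a PHP file.
HARDCODED_PHP = r"""<?php
$s3 = new Aws\S3\S3Client(['region' => 'us-east-1', 'credentials' => [
    'key'    => 'AKIAIOSFODNN7EXAMPLE',
    'secret' => 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
]]);
"""
# Constructed sample for option D: keys passed through instance user data.
USER_DATA = """#!/bin/bash
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
"""
# Constructed sample for option B: no keys in code, the instance role is used.
ROLE_PHP = r"""<?php
// The SDK's default provider chain picks up the instance role's temporary keys.
$s3 = new Aws\S3\S3Client(['region' => 'us-east-1', 'version' => 'latest']);
"""

if __name__ == "__main__":
    samples = (("upload.php", HARDCODED_PHP), ("user-data.sh", USER_DATA),
               ("upload_role.php", ROLE_PHP))
    for name, text in samples:
        print(name, scan(name, text) or "clean")
```
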
