AWS Certified Developer – Associate (DVA-C02) — Question 263

A developer is building a containerized application on AWS. The application communicates with a third-party service by using API keys. The developer needs a secure way to store the API keys and pass the API keys to the containerized application.

Which solutions will meet these requirements? (Choose two.)

Answer options

• A. Store the API keys as a SecureString parameter in AWS Systems Manager Parameter Store. Grant the application access to retrieve the value from Parameter Store.
• B. Store the API keys in AWS CloudFormation templates by using base64 encoding. Pass the API keys to the application through container definition environment variables.
• C. Add a new AWS CloudFormation parameter to the CloudFormation template. Pass the API keys to the application by using the container definition environment variables.
• D. Embed the API keys in the application. Build the container image on-premises. Upload the container image to Amazon Elastic Container Registry (Amazon ECR).
• E. Store the API keys as a SecretString parameter in AWS Secrets Manager. Grant the application access to retrieve the value from Secrets Manager.

Correct answer: A, E

Explanation

Option A is correct because AWS Systems Manager Parameter Store allows for secure storage and controlled access to sensitive information like API keys. Option E is also correct as AWS Secrets Manager is designed for securely storing and managing sensitive information, including API keys. Options B, C, and D are not secure methods for handling API keys, as they either expose the keys or do not use secure storage solutions.