AWS Certified Developer – Associate (DVA-C02) — Question 49

A company is planning to securely manage one-time fixed license keys in AWS. The company's development team needs to access the license keys in automaton scripts that run in Amazon EC2 instances and in AWS CloudFormation stacks.
Which solution will meet these requirements MOST cost-effectively?

Answer options

• A. Amazon S3 with encrypted files prefixed with “config”
• B. AWS Secrets Manager secrets with a tag that is named SecretString
• C. AWS Systems Manager Parameter Store SecureString parameters
• D. CloudFormation NoEcho parameters

Correct answer: C

Explanation

The correct answer is C, as AWS Systems Manager Parameter Store SecureString parameters are specifically designed for securely storing sensitive information and allow for easy access from EC2 instances and CloudFormation. Option A is less secure as it relies on file encryption, which may not be as straightforward to access in scripts. Option B, while secure, incurs additional costs associated with AWS Secrets Manager. Option D does not provide a dedicated storage solution for the license keys.