AWS Certified Developer – Associate — Question 224

A company has a new application. The company needs to secure sensitive configuration data such as database connection strings, application license codes, and API keys that the application uses to access external resources. The company must track access to the configuration data for auditing purposes. The resources are managed outside the application.

The company is not required to manage rotation of the connection strings, license codes, and API keys in the application. The company must implement a solution to securely store the configuration data and to give the application access to the configuration data. The solution must comply with security best practices.

Which solution will meet these requirements MOST cost-effectively?

Answer options

• A. Store the configuration data in an encrypted file on the source code bundle. Grant the application access by using IAM policies.
• B. Store the configuration data in AWS Systems Manager Parameter Store. Grant the application access by using IAM policies.
• C. Store the configuration data on an Amazon Elastic Block Store (Amazon EBS) encrypted volume. Attach the EBS volume to an Amazon EC2 instance to provide the application with access to the data.
• D. Store the configuration data in AWS Secrets Manager. Grant the application access by using IAM policies.

Correct answer: B

Explanation

Option B is correct because AWS Systems Manager Parameter Store provides a secure and cost-effective way to store configuration data with built-in access control and auditing features. Options A and C involve more complexity and potential security risks, while Option D, while secure, may be more expensive than using Parameter Store for the given requirements.