AWS Certified Solutions Architect – Professional — Question 892

A customer is deploying an SSL enabled web application to AWS and would like to implement a separation of roles between the EC2 service administrators that are entitled to login to instances as well as making API calls and the security officers who will maintain and have exclusive access to the application's X.509 certificate that contains the private key.

Answer options

• A. Upload the certificate on an S3 bucket owned by the security officers and accessible only by EC2 Role of the web servers.
• B. Configure the web servers to retrieve the certificate upon boot from an CloudHSM is managed by the security officers.
• C. Configure system permissions on the web servers to restrict access to the certificate only to the authority security officers
• D. Configure IAM policies authorizing access to the certificate store only to the security officers and terminate SSL on an ELB.

Correct answer: D

Explanation

By terminating SSL on an ELB, the private key of the certificate is kept off the EC2 instances, preventing EC2 administrators with OS-level login privileges from accessing it. Restricting access to the AWS certificate store via IAM policies ensures only the security officers can manage the certificate. Other options fail because any administrator with root access or instance-level API access could ultimately retrieve the certificate if it is processed on or downloaded directly to the EC2 instances.