Secure Architecture I
Explore how to design secure AWS architectures by implementing IAM roles for ECS microservices, managing security policies centrally with AWS Organizations and Control Tower, and enforcing network security with AWS Firewall Manager. This lesson equips you with practical solutions to ensure compliance, scalability, and low operational overhead in multi-account environments.
Question 18
A company has a microservices architecture deployed on Amazon ECS. Each service needs to access different AWS resources, such as S3 buckets and DynamoDB tables. Security best practices and compliance requirements dictate that no long-term credentials should be embedded in the code, and the credentials should be rotated automatically.
As a solutions architect, recommend a solution with the least operational overhead that provides credentials to the microservices.
A. Use AWS Secrets Manager to store the credentials and update the services to retrieve them programmatically.
B. Attach IAM roles to the ECS tasks to grant the necessary permissions to each service.
C. Store the credentials in a KMS-encrypted S3 bucket and configure the services to retrieve them on startup.
D. Embed the credentials in the container images and redeploy the services whenever the credentials change.
Question 19
A multinational company ...