Secure Architecture II

Explore secure AWS architecture design focusing on temporary access management, encryption, compliance requirements, and resilient connectivity. Understand best practices for handling permissions, data security, and failover to build compliant and manageable cloud solutions.

Question 23

A developer in your organization needs specific permissions to manage DynamoDB operations, including creating, deleting, and updating tables, as well as scanning and querying the database. To enhance security and ensure that no long-term credentials are exposed, you decide to use a solution that provides temporary access. Additionally, you want to make sure the solution is easy to manage and scalable as more developers join the team.

Which approach will best meet these requirements?

A. Create an IAM user for each developer with policies attached for the required DynamoDB operations and enforce regular password changes.

B. Create a dedicated IAM role with policies for the required DynamoDB operations, then configure an identity provider (IAM Identity Center) to allow developers to assume this role and obtain temporary credentials.

C. Use AWS Secrets Manager to store and rotate credentials for DynamoDB, providing developers access to the secrets needed to perform their tasks.

D. Implement a combination of AWS Lambda and AWS Step Functions to automate the issuance of temporary credentials for developers to use with DynamoDB operations.

Question 24

A healthcare provider is migrating its patient management system to AWS. The provider needs to ensure that sensitive ...