101k views
1 vote
You are working in the media industry, and you have created a web application where users will be able to upload photos they create to your website. This web application must be able to call the S3 API in order to be able to function. Where should you store your API credentials while maintaining the maximum level of security.

User Cruizer
by
6.4k points

2 Answers

5 votes

Answer:

B. Don't save your API credentials. Instead create a role in IAM and assign this role to an EC2 instance when you first create it.

Step-by-step explanation:

The missing options is:

A. Save the API credentials to your php files.

B. Don't save your API credentials. Instead create a role in IAM and assign this role to an EC2 instance when you first create it.

C. Save your API credentials in a public Github repository.

D. Pass API credentials zto the instance using instance userdata.

The API credentials are confidential information that shouldn't be stored at all or in a place that allows public access to it.

The following steps are use when creating and distributing your AWS credentials, you can delegate permission to make API requests using IAM roles as follows:

1. Create an IAM role.

2. Define which accounts or AWS services can assume the role.

3. Define which API actions and resources the application can use after assuming the role.

4. Specify the role when you launch your instance, or attach the role to an existing instance.

So from the above explanation, the answer is: B. Don't save your API credentials. Instead create a role in IAM and assign this role to an EC2 instance when you first create it.

User Michael Garito
by
5.7k points
0 votes

Answer:

Don't save your API credentials. Instead create a role in IAM and assign this role to an EC2 instance when you first create it

Step-by-step explanation:

If the aim of the web application is to call the S3 API, for proper functioning, there is no need to store the API credentials to maintain a maximum level of security. All you need to do is to create a role in IAM and then assign the created role to an EC instance at the first moment that it was created. This would ensure that the highest level of security, while still achieving the aim of allowing your web application function properly.

User Paul Ruiz
by
6.1k points