Exam AWS Certified Security - Specialty topic 1 question 13 discussion

There is two possible answer for this question: SSM parameter store and secret manager. Since in the question it is mentioned "What is the MOST cost-effective way to manage the storage of credentials?" hence answer will be SSM parameter store, there is no charges for keeping password in SSM parameter store.

A is correct! A secure string parameter is any sensitive data that needs to be stored and referenced in a secure manner. If you have data that you don't want users to alter or reference in plain text, such as passwords or license keys, create those parameters using the SecureString datatype. For the following scenarios- You want to use data/parameters across AWS services without exposing the values as plain text in commands, functions, agent logs, or AWS CloudTrail logs. You want to control who has access to sensitive data. You want to be able to audit when sensitive data is accessed (AWS CloudTrail). You want to encrypt your sensitive data and you want to bring your own encryption keys to manage access. **Most Cost-Effective Way**

Answer is A. as per AWS documentation, there is no charge from Parameter Store to create a SecureString parameter, but charges for use of AWS KMS encryption do apply. Hence its the most cost effective way to store secure strings. https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html

Within the limit of SSM Parameter Store keys (10000). , A is the most cost-effective solution.

A is correct Use AWS Systems Manager to store the credentials as Secure Strings Parameters. Secure by using an AWS KMS key.

a - Most cost effective Secrets manager is a great service for this use case - however is expensive, especially at this scale.

A is cost effective. SSM parameter store allow upto 10,000 secrets less than 4KB in size for free as standard parameters

A seems to be more cost effective than Secrets Manager. Check this link for a comparison: https://medium.com/awesome-cloud/aws-difference-between-secrets-manager-and-parameter-store-systems-manager-f02686604eae

A is correct!

Ans:A 100%

"MOST cost effective way" is the key. Answer : A

A is the best answer.

Ans > A

Ans (A) Because SSM create Parameters using Secure String and also its cost friendly https://docs.aws.amazon.com/systems-manager/latest/userguide/what-is-systems-manager.html https://aws.amazon.com/systems-manager/pricing/

A is correct

A is correct and is MOST cost effective way. No charge for storing credentials. You just have to pay the KMS key used for parameters using SecureString ($1 per month). Way cheaper. Though you can also use the "Secret Manager" to store the credentials but there is $0.40 per secret per month + $0.05 per 10,000 API calls cost that you need to consider. Not cost effective if you have thousand of credentials to keep.

A is correct