Which of the following should you do?

Your development team wants account-level access to production instances in order to do live debugging of a highly
secure environment. Which of the following should you do?

Your development team wants account-level access to production instances in order to do live debugging of a highly
secure environment. Which of the following should you do?

A.
Place the credentials provided by Amazon Elastic Compute Cloud (EC2) into a secure Amazon Sample Storage Service (S3) bucket
with encryption enabled.
Assign AWS Identity and Access Management (IAM) users to each developer so they can download the credentials file.

B.
Place an internally created private key into a secure S3 bucket with server-side encryption using customer keys and configuration
management, create a service account on all the instances using this private key, and assign IAM users to each developer so they can
download the file.

C.
Place each developer’s own public key into a private S3 bucket, use instance profiles and configuration management to create a user
account for each developer on all instances, and place the user’s public keys into the appropriate account.

D.
Place the credentials provided by Amazon EC2 onto an MFA encrypted USB drive, and physically share it with each developer so that
the private key never leaves the office.



Leave a Reply 3

Your email address will not be published. Required fields are marked *


raysmithvic1978

raysmithvic1978

C

dickloveqdd

dickloveqdd

the key word is “account-level access”
A ⇒ ”credentials provided by EC2″ is same to every developer.
B ⇒ ”an internally created private key ” is same to every developer.
C ⇒ ”each developer’s own public key ” is different
D ⇒ ”credentials provided by Amazon EC2 ” still same to every developer.

So C is the best ont in here.

Step1: upload “each developer’s own public key ”

Step2: Add each public key to all instance
http://docs.aws.amazon.com/zh_cn/AWSEC2/latest/UserGuide/ec2-key-pairs.html

Step3:Create account for each developer

Step4:place the key-pair to appropriate account