You working in the media industry and you have created a web application where users will be able to upload
photos they create to your website. This web application must be able to call the S3 API in order to be able to
function. Where should you store your API credentials whilst maintaining the maximum level of security.
A.
Save the API credentials to your php files.
B.
Don’t save your API credentials. Instead create a role in IAM and assign this role to an EC2 instance when
you first create it.
C.
Save your API credentials in a public Github repository.
D.
Pass API credentials to the instance using instance userdata.
B,
凭证使用IAM的role.
Agreed, B is correct by not b/c of some the reason listed, or at least I don’t think it is if my Mandarin is correct.
B is correct, most secure as it doesn’t save the credentials. As of 2017 you aren’t forced to assign the role when you create the instance, but not important in this question.