Summary
Keywords
Full Transcript
Aqui esta la pregunta del examen AWS Solutions Architect Associate ✳️ A web-application deployed on Amazon EC2 Instance launched in VPC A needs to connect with AWS KMS for data encryption. This traffic should preferably flow over the AWS network. Access to the AWS KMS keys should be controlled by granting permissions only to specific entities and ensuring the least privileged security practice is followed. The proposed solution should be cost-effective and should be set up effectively. What design can be proposed? 1️⃣ Deploy a firewall proxy server on an Amazon EC2 instance for internet access to AWS KMS. Create policies on proxy servers to control access to AWS KMS only from the Instance IP address 2️⃣ Attach a NAT Gateway to VPC A to access AWS KMS. Create a Network ACL allowing communication with AWS KMS only from the Instance IP address 3️⃣ Create a VPC endpoint from VPC A for AWS KMS. Create a key policy matching 'aws: SourceVpc' condition key which will match VPC A 4️⃣ Create a VPC endpoint from VPC A for AWS KMS. Create a key policy matching 'aws: SourceVpce' condition key which will match VPC endpoint ID En el video encontraras la respuesta con la explicacion ✅ Hazte MIEMBRO del canal para conseguir mas ventajas ✅ ➡️ https://www.youtube.com/channel/UCO8o2MP-i4jLXEuLmMQGFeA/join 🔷 Para estar al día de todo ahora también puedes encontrarme en Telegram ➡️ https://t.me/rubenjgarciacloud
