Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 100 discussion

C makes a better sense. Between C (S3) and D (EBS), S3 is highly available with LEAST operational overhead.

Correct Answer is C: EBS is not highly available

C is the most efficient.

AWS KMS: Provides a managed service for secure key storage and encryption/decryption operations. This eliminates the need to manage encryption/decryption logic within the application itself. Customer Managed Key: The company maintains control over the key, ensuring security. EC2 Role Permissions: Granting permissions to the EC2 role allows the application to use KMS for encryption/decryption without managing individual credentials. Amazon S3: Offers highly available and scalable storage for the encrypted certificates. S3 is generally cheaper than EBS for data that is not frequently accessed.

C for sure

S3: highly available EBS: lower latency

"Amazon S3 is an object storage service that can store large volumes of unstructured data, whereas Amazon EBS is a block storage service that is ideally suited for durable, low-latency data storage associated with EC2 instances." https://www.tutorialspoint.com/difference-between-amazon-s3-and-amazon-ebs#:~:text=In%20conclusion%2C%20Amazon%20S3%20is,storage%20associated%20with%20EC2%20instances. Seems like D to me. S3 is for large data, EBS is ec2 specific.

The language is confusing over here so I'm going by process of elimination A: Wrong because manual operation and fine grained IAM is overhead B: What? D: Between C and D S3 is more HA than EFS so C wins

I would select D. you can mount a single Amazon Elastic Block Store (EBS) volume to multiple Docker containers running on the same Amazon Elastic Compute Cloud (EC2) instance. . you can store data from a container running on Amazon Elastic Compute Cloud (EC2) to an Amazon Simple Storage Service (S3) bucket. One way to do this is to use the aws s3 cp command in the command line of the EC2 instance.

A - does not mention storing the encrypted data at all (though that is a requirement), also involves manual action which is surely NOT "least operational effort" B - Doesn't make any sense C - Yes, S3 meets the requirements and is easy to access from containerized app D - EBS volumes are mounted to the container host, but data is created on containers

A is OK secrets manager: - is highly available - you can store custom secrets in it like certificate - automatically encrypts secrets at rest, and can be configured for encryption in transit - downloading certificate from it is less operational overhead than decrypting it manually with KMS key arguments againts it that this is more manual than C and D? this manual step is necessary measure and can't be omitted in other options C and D have this "store the encrypted data in..." to store encrypted certificate you have to: log in to instance, get kms key, get certificate, encrypt it, and load that data this is more operational overhead

"C" is more correct because S3 is more efficient and cheaper to store data like certificates, like this case. Also Option D involves using Amazon Elastic Block Store (Amazon EBS) volumes, which is not typically used for storing certificates and may introduce unnecessary complexity and operational overhead.

confused between EBS and S3, both are HA, but location?

C. when it comes to availability, Amazon S3 is generally more highly available than Amazon EBS because S3 replicates data across multiple AZs by default, providing greater resilience to failures. However, the choice between S3 and EBS depends on your specific use case and whether you need block storage for EC2 instances (EBS) or object storage for storing and retrieving data (S3).

I selected D, even though S3 has high availability to 11 9’s. The question started with EC2 Instance. EBS provides block level storage that is attached to EC2 Instances. They are also designed for High Availability.

Option C is the best solution that meets all the requirements with the least operational overhead: Use AWS KMS customer managed key for encryption Allow EC2 instance role access to use the KMS key Store encrypted data in Amazon S3

All data within EBS is stored in equally sized blocks. This system offers some performance advantages over traditional storage, and generally boasts lower latency, too. This would meet the near real time requirement over the S3 option