Member, July 6, 2020 at 6:37 am
Since we don’t want the DevOps team to have access to the certificate, it is best to terminate the SSL on the ELB level rather than the EC2. Hence, the correct answer is configuring an IAM policy that authorizes access to the certificate store only for the cybersecurity team and then adding a configuration to terminate the SSL on the ELB.
Using the AWS Config service to configure the EC2 instances to retrieve the X.509 certificate upon boot from a CloudHSM that is managed by the cybersecurity team is incorrect because the AWS Config service simply enables you to assess, audit, and evaluate the configurations of your AWS resources. It does not grant any permission or access. In addition, CloudHSM is a managed hardware security module (HSM) in the AWS Cloud that handles encryption keys and not SSL certificates.
Is this correct? HSM) in the AWS Cloud that xxxxxx not SSL certificates.
Member, July 13, 2020 at 8:57 pm
Thank you for your feedback.
Can you post here the question you are referring to? The questions are randomized and I can’t identify your question from our question bank.
Thanks and Regards,
Kenneth Samonte @ Tutorials Dojo