Which approach is standard for secure service-to-service authentication in a microservices architecture on AWS?

Sharpen your skills for the AWS Certified Solutions Architect Professional Exam. Dive into flashcards and multiple choice questions, each with detailed explanations and hints. Perfect your knowledge and get ready to ace the AWS exam!

Multiple Choice

Which approach is standard for secure service-to-service authentication in a microservices architecture on AWS?

Explanation:
The standard approach to secure service-to-service authentication on AWS is to give each service (or workload) its own IAM role and let it obtain short-lived credentials from STS, optionally adding mutual TLS in a service mesh for transport-level verification between services.

On AWS the role is normally bound to the workload by the platform (an ECS task role, a Lambda execution role, an EC2 instance profile, or IAM Roles for Service Accounts / Pod Identity on EKS), so the SDK picks up temporary credentials from the credential provider chain and nothing is embedded in code or configuration. A service that must act against another service's resources, for example in a different account, calls sts:AssumeRole on that service's role. The target role's trust policy names exactly which principals may assume it, and its permission policy grants only the actions and resources the caller needs. The credentials expire on their own, revocation is a trust-policy or permission change rather than a hunt for a leaked secret, and every call made with them is attributed in CloudTrail to the assumed-role session, which keeps permissions auditable and controllable across accounts and services.

Mutual TLS in a service mesh (AWS App Mesh is one option) complements this rather than replacing it: it encrypts traffic and authenticates the peer at the transport level using workload certificates, while IAM governs what the service is allowed to do against AWS APIs.

Cognito User Pools are designed for end-user authentication. They issue OAuth/OIDC tokens for human principals, and those tokens are not IAM credentials, so they do not carry the resource-level permissions that service-to-service calls to AWS APIs require. Hard-coding credentials or using static API keys without rotation leaves long-lived secrets in code and config, gives no per-session attribution, and bypasses the auditable IAM framework.

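The following is an added example, not part of Passetra's explanation and not AWS sample code. It shows the AssumeRole exchange the explanation describes from the calling service's side: the trust policy that pins the target role to one caller, an inline session policy that narrows the session to a single table, the STS call with a CloudTrail-visible session name, and the refresh-before-expiry check that short-lived credentials require. All ARNs, account IDs, the table name and the `StubSts` client are constructed so the code runs offline; `assume_service_role` accepts any object with a boto3-style `assume_role(**kwargs)` method, so `boto3.client("sts")` drops in unchanged.

```python
"""Service-to-service authentication on AWS via IAM roles and STS.

Added example; not Passetra's material and not AWS sample code. All ARNs,
account IDs and the StubSts client below are constructed for illustration.
"""
import json
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constraints from the STS AssumeRole API: session name charset/length and
# the 15-minute minimum session duration.
SESSION_NAME_RE = re.compile(r"^[A-Za-z0-9_+=,.@-]{2,64}$")
MIN_DURATION_SECONDS = 900


def trust_policy(caller_role_arn: str) -> dict:
    """Trust policy for the *target* service's role: only the named caller
    role may assume it. Trusting the account root instead would let any
    principal in that account with sts:AssumeRole take the role over."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": caller_role_arn},
            "Action": "sts:AssumeRole",
        }],
    }


def session_policy(resource_arn: str, actions: list) -> str:
    """Inline session policy passed with AssumeRole. It can only narrow what
    the role already allows (effective permissions are the intersection),
    so a caller that needs one read on one table gets nothing more."""
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": actions, "Resource": resource_arn}],
    })


@dataclass(frozen=True)
class Credentials:
    access_key_id: str
    secret_access_key: str
    session_token: str
    expiration: datetime
    assumed_role_arn: str  # the identity CloudTrail records for calls made with these creds


def assume_service_role(sts, role_arn: str, session_name: str, resource_arn: str,
                        actions: list, duration_seconds: int = MIN_DURATION_SECONDS) -> Credentials:
    """Exchange the caller's own role for short-lived credentials on the target role."""
    if not SESSION_NAME_RE.match(session_name):
        raise ValueError("RoleSessionName must be 2-64 chars of [A-Za-z0-9_+=,.@-]")
    if duration_seconds < MIN_DURATION_SECONDS:
        raise ValueError("DurationSeconds must be at least 900")
    resp = sts.assume_role(
        RoleArn=role_arn,
        RoleSessionName=session_name,  # appears in CloudTrail as assumed-role/<role>/<session>
        Policy=session_policy(resource_arn, actions),
        DurationSeconds=duration_seconds,
    )
    c = resp["Credentials"]
    return Credentials(c["AccessKeyId"], c["SecretAccessKey"], c["SessionToken"],
                       c["Expiration"], resp["AssumedRoleUser"]["Arn"])


def needs_refresh(creds: Credentials, now: Optional[datetime] = None, skew_seconds: int = 300) -> bool:
    """True when the credentials expire within skew_seconds. Cache credentials
    and re-assume before this point instead of waiting for an ExpiredToken error."""
    now = now or datetime.now(timezone.utc)
    return (creds.expiration - now).total_seconds() <= skew_seconds


class StubSts:
    """Constructed offline stand-in for boto3's STS client: records the request
    and returns fake credentials shaped like the real AssumeRole response."""
    def __init__(self):
        self.calls = []

    def assume_role(self, **kwargs):
        self.calls.append(kwargs)
        role_name = kwargs["RoleArn"].rsplit("/", 1)[-1]
        return {
            "Credentials": {
                "AccessKeyId": "ASIAEXAMPLEKEY",           # fake, constructed
                "SecretAccessKey": "example-secret",       # fake, constructed
                "SessionToken": "example-session-token",   # fake, constructed
                "Expiration": datetime.now(timezone.utc) + timedelta(seconds=kwargs["DurationSeconds"]),
            },
            "AssumedRoleUser": {
                "Arn": f"arn:aws:sts::222222222222:assumed-role/{role_name}/{kwargs['RoleSessionName']}",
            },
        }


if __name__ == "__main__":
    # Hypothetical: orders-service (account 111...) reads inventory-service's table (account 222...).
    caller = "arn:aws:iam::111111111111:role/orders-service"
    target = "arn:aws:iam::222222222222:role/inventory-reader"
    table = "arn:aws:dynamodb:us-east-1:222222222222:table/inventory"
    print(json.dumps(trust_policy(caller), indent=2))
    creds = assume_service_role(StubSts(), target, "orders-service-7f3a", table, ["dynamodb:GetItem"])
    print(creds.assumed_role_arn, "refresh now?", needs_refresh(creds))
```

With a real client, a quick check that the exchange did what you expect is to build a second client from the returned credentials and call `get_caller_identity()`: the `Arn` it returns should be the `assumed-role/<role>/<session>` value, which is also the identity that every subsequent CloudTrail event for that session will carry.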
