Amazon Web Services Navigating GDPR Compliance on AWS
Access to Operational & Configuration Data
You can use AWS Systems Manager to see and manage the operations of your AWS
infrastructure, and to audit and enforce compliance with defined states. AWS Systems
Manager Parameter Store can centrally manage data defining parameters. This enables
you to implement granular access to parameter data, whether it is plain-text data (such
as database strings) or secrets (such as passwords). You control this access by granting
customized permissions for parameter access to users and resources (such as instances)
through the integration with IAM. For example, in a development
environment, credentials are often hardcoded. Instead of hardcoding your credentials,
you can use Parameter Store to save passwords and allow your developers to get
access to the credentials with the AWS API get-parameter.
The following API snippet example shows the password retrieval get-parameter:
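As an added example (not code from the whitepaper), the Python sketch below pairs a path-scoped IAM policy for `ssm:GetParameter` with a retrieval helper that requests decryption and rejects a password stored as anything other than a SecureString. The parameter path `/dev/app/`, the parameter name, and the `FakeSSM` stand-in for `boto3.client("ssm")` are assumptions made so the example runs offline.

```python
# Added example: names, path, and account values are assumptions.
PARAM_PATH = "/dev/app/"                 # hypothetical parameter hierarchy
PARAM_NAME = PARAM_PATH + "db-password"  # hypothetical SecureString parameter


def dev_read_policy(region, account_id, path=PARAM_PATH):
    """IAM policy that lets a principal read only parameters under `path`."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["ssm:GetParameter"],
            # A SecureString under a customer managed KMS key also needs
            # kms:Decrypt on that key.
            "Resource": f"arn:aws:ssm:{region}:{account_id}:parameter{path}*",
        }],
    }


def get_secret(ssm, name=PARAM_NAME):
    """Call GetParameter with decryption; reject values stored unencrypted."""
    param = ssm.get_parameter(Name=name, WithDecryption=True)["Parameter"]
    if param["Type"] != "SecureString":
        raise ValueError(f"{name} is stored as {param['Type']}, not SecureString")
    return param["Value"]


class FakeSSM:
    """Constructed offline stand-in for boto3.client("ssm")."""

    def __init__(self, store):
        self.store = store  # {name: (type, plaintext)}

    def get_parameter(self, Name, WithDecryption=False):
        ptype, value = self.store[Name]
        if ptype == "SecureString" and not WithDecryption:
            value = "<ciphertext>"  # the real API returns the encrypted value
        return {"Parameter": {"Name": Name, "Type": ptype, "Value": value}}


if __name__ == "__main__":
    # With real credentials: import boto3; ssm = boto3.client("ssm")
    ssm = FakeSSM({PARAM_NAME: ("SecureString", "constructed-sample-password")})
    password = get_secret(ssm)
    print("retrieved a password of length", len(password))
```

Attach the policy to the developer role or instance profile that needs the credential, so access stays limited to the one parameter hierarchy.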
Another available option for protecting secrets needed to access your applications,
services, and IT resources is AWS Secrets Manager. The service enables you to easily
rotate, manage, and retrieve database credentials, API keys, and other secrets
throughout their lifecycle. Users and applications retrieve secrets with a call to Secrets
Manager APIs, eliminating the need to hardcode sensitive information in plain text.
Secrets Manager offers secret rotation with built-in integration for Amazon RDS,
Amazon Redshift, and Amazon DocumentDB.