Learn how to incorporate AWS X-Ray into an application that handles personally identifiable information (PII) securely, and which solution ensures that no PII leaves the Amazon EC2 instances hosting the application.
Question
A developer is incorporating AWS X-Ray into an application that handles personally identifiable information (PII). The application is hosted on Amazon EC2 instances. The application trace messages include encrypted PII and go to Amazon CloudWatch. The developer needs to ensure that no PII goes outside of the EC2 instances.
Which solution will meet these requirements?
A. Manually instrument the X-Ray SDK in the application code.
B. Use the X-Ray auto-instrumentation agent.
C. Use Amazon Macie to detect and hide PII. Call the X-Ray API from AWS Lambda.
D. Use AWS Distro for OpenTelemetry.
Answer
A. Manually instrument the X-Ray SDK in the application code.
Explanation
The correct answer is A. Manually instrument the X-Ray SDK in the application code.
This solution meets the requirements because it gives the developer full control over what data is sent to X-Ray and CloudWatch. With the X-Ray SDK instrumented by hand, the developer can filter any PII out of the trace messages before they are handed to the X-Ray daemon, and can apply encryption or hashing to protect PII in transit and at rest. The developer can also configure the X-Ray daemon to send trace data only to X-Ray and not to CloudWatch, or use a custom CloudWatch agent to filter PII out of the log messages.
The other options are not optimal or secure for the following reasons:
B. Using the X-Ray auto-instrumentation agent will not meet the requirements: it automatically instruments all incoming and outgoing requests and sends trace data to both X-Ray and CloudWatch without any filtering or encryption, which may expose PII outside of the EC2 instances.
C. Using Amazon Macie to detect and hide PII and calling the X-Ray API from AWS Lambda will not meet the requirements, because it introduces unnecessary complexity and latency. Amazon Macie uses machine learning and pattern matching to discover, classify, and protect sensitive data stored in AWS; it is not designed for real-time filtering of trace messages. Calling the X-Ray API from AWS Lambda also incurs additional cost and requires additional permissions and configuration.
D. Using AWS Distro for OpenTelemetry will not meet the requirements: it is a distribution of open source software that collects traces, metrics, and logs from applications, and it provides no built-in filtering or encryption for PII. It also requires additional installation and configuration steps on the EC2 instances.
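As an added illustration of the manual approach in option A (example code written for this page, not from AWS or the X-Ray SDK), the snippet below builds an X-Ray segment document by hand, strips a constructed list of PII fields from the request metadata, checks the encoded bytes one last time, and only then sends the segment to the local X-Ray daemon on its default UDP port. The PII key list, the pepper and the daemon address are assumptions for the example.

```python
import hashlib
import json
import os
import socket

DAEMON_ADDR = ("127.0.0.1", 2000)  # X-Ray daemon's default UDP listener (assumed local)
DAEMON_HEADER = '{"format": "json", "version": 1}\n'  # daemon wire-format header line
PII_KEYS = {"email", "ssn", "phone", "name"}  # constructed list for this example

def redact(payload: dict) -> dict:
    """Drop PII fields; keep a peppered hash of the e-mail so requests stay
    correlatable across traces without carrying the address itself."""
    clean = {}
    for key, value in payload.items():
        if key in PII_KEYS:
            if key == "email":  # constructed pepper below; use a secret store in real code
                digest = hashlib.sha256(("example-pepper" + value).encode()).hexdigest()
                clean["email_hash"] = digest[:16]
            continue
        clean[key] = value
    return clean

def build_segment(name: str, request: dict, start: float, end: float) -> dict:
    """Segment document whose metadata carries only the redacted request."""
    return {
        "name": name,
        "id": os.urandom(8).hex(),  # 16 hex digits, as X-Ray requires
        "trace_id": f"1-{int(start):08x}-{os.urandom(12).hex()}",  # X-Ray format
        "start_time": start,
        "end_time": end,
        "annotations": {"pii_fields_redacted": sum(k in PII_KEYS for k in request)},
        "metadata": {"request": redact(request)},
    }

def encode_for_daemon(segment: dict) -> bytes:
    return (DAEMON_HEADER + json.dumps(segment)).encode()  # header + segment JSON

def contains_pii(data: bytes, request: dict) -> bool:
    """Last-line check: no raw PII value from the request may appear in the bytes."""
    return any(str(request[k]) in data.decode() for k in PII_KEYS if k in request)

def emit(segment: dict, request: dict) -> None:
    """Send to the local daemon over UDP, refusing if PII is still present."""
    data = encode_for_daemon(segment)
    if contains_pii(data, request):
        raise ValueError("refusing to emit a segment that still carries PII")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(data, DAEMON_ADDR)
```

Because the daemon only forwards what it receives, nothing that is filtered out here can reach X-Ray or CloudWatch.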
The latest AWS Certified Developer – Associate (DVA-C02) practice exam questions and answers are available free to help you pass the DVA-C02 exam and earn the AWS Certified Developer – Associate certification.