AWS Certified Solutions Architect - Associate
Get started today
Ultimate access to all questions.
How can a solutions architect meet the company's IT security guidelines requiring encrypted database credentials with a 14-day rotation period, using the least operational effort for a web application with an Amazon Aurora MySQL DB cluster and an application tier on Amazon EC2 instances?
How can a solutions architect meet the company's IT security guidelines requiring encrypted database credentials with a 14-day rotation period, using the least operational effort for a web application with an Amazon Aurora MySQL DB cluster and an application tier on Amazon EC2 instances?
Explanation:
The correct answer is A. AWS Secrets Manager is designed specifically for managing secrets such as database credentials. It can automatically rotate credentials periodically—e.g., every 14 days—without needing manual intervention. This solution leverages AWS Secrets Manager's integration with AWS KMS to encrypt the credentials securely and automate their rotation with minimal operational effort. Other options involve more manual processes or less streamlined services that require additional implementation steps, making them less optimal for this requirement.