Answer-first summary for fast verification
Answer: Utilize AWS KMS and Secrets Manager to create and rotate credentials for the Aurora DB cluster every 14 days.
The correct answer is A. AWS Secrets Manager is designed specifically for managing secrets such as database credentials. It can automatically rotate credentials periodically—e.g., every 14 days—without needing manual intervention. This solution leverages AWS Secrets Manager's integration with AWS KMS to encrypt the credentials securely and automate their rotation with minimal operational effort. Other options involve more manual processes or less streamlined services that require additional implementation steps, making them less optimal for this requirement.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
How can a solutions architect meet the company's IT security guidelines requiring encrypted database credentials with a 14-day rotation period, using the least operational effort for a web application with an Amazon Aurora MySQL DB cluster and an application tier on Amazon EC2 instances?
A
Utilize AWS KMS and Secrets Manager to create and rotate credentials for the Aurora DB cluster every 14 days.
B
Employ AWS Systems Manager Parameter Store with KMS-encrypted parameters and a Lambda function to rotate the password every 14 days.
C
Use an AWS KMS-encrypted EFS to store and restrict access to credentials, with a Lambda function to update credentials every 14 days.
D
Keep credentials in an AWS KMS-encrypted S3 bucket, ensuring the application loads them regularly, and use a Lambda function to rotate credentials every 14 days.
No comments yet.