Answer-first summary for fast verification
Answer: Place the application's database credentials in AWS Secrets Manager, ensure the application retrieves credentials from Secrets Manager, and establish a rotation schedule for the credentials within the RDS MySQL instance using Secrets Manager.
The correct answer is C. This solution involves creating credentials for the application user on the RDS MySQL database and securely storing these credentials in AWS Secrets Manager. The application will be configured to retrieve the credentials from Secrets Manager, and a credentials rotation schedule will be set up using Secrets Manager. This approach provides a managed solution for credential storage and rotation with minimal programming effort, ensuring enhanced security. Option A, while secure, involves more effort in key management and integration. Option B requires additional implementation of a Lambda function, which increases complexity. Option D involves AWS Systems Manager Parameter Store, but AWS Secrets Manager is a more suitable service for managing database credentials, including rotation.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
How can a solutions architect enhance the security of a custom application with embedded credentials accessing an Amazon RDS MySQL instance, with minimal programming changes?
A
Implement AWS KMS for key creation, integrate AWS KMS with the application for credential retrieval, and apply automatic key rotation.
B
Utilize AWS Secrets Manager to store and manage the application's database credentials, configure the application to fetch credentials from Secrets Manager, and deploy a Lambda function for credential rotation.
C
Place the application's database credentials in AWS Secrets Manager, ensure the application retrieves credentials from Secrets Manager, and establish a rotation schedule for the credentials within the RDS MySQL instance using Secrets Manager.
D
Secure the application's database credentials using AWS Systems Manager Parameter Store, set the application to access credentials from Parameter Store, and create a rotation schedule for the RDS MySQL user credentials via Parameter Store.
No comments yet.