
During a test of an incident response plan for compromised credentials, a company encounters an issue where the rotation of a secret in AWS Secrets Manager fails. The secret, containing sensitive database credentials, is configured to rotate using a Lambda function based on a generic template. Both the database running on an EC2 instance and the Lambda function are located in the same private subnet of a VPC equipped with a Secrets Manager VPC endpoint. Despite confirming that the VPC endpoint is functioning correctly, the CloudWatch logs show an error: "setSecret: Unable to log into database". What should be done to resolve this error?
A. Modify the JSON structure of the secret in Secrets Manager via the AWS Management Console to match the database's required format.
B. Adjust the security groups to allow outbound connections from the Lambda function to the EC2 instance and inbound connections from the Lambda function to the EC2 instance.
C. Utilize the AWS CLI to list the secret with the Secrets Manager list-secrets command, identify the database credentials, and force an immediate rotation with the rotate-secret command.
D. Add an internet gateway to the VPC, create a NAT gateway in a public subnet, and update the VPC route tables to enable traffic from both the Lambda function and the EC2 instance to access the Secrets Manager public endpoint.