
Answer-first summary for fast verification
Answer: Adjust the security groups to allow outbound connections from the Lambda function to the EC2 instance and inbound connections from the Lambda function to the EC2 instance.
The correct answer is B. The rotation function built from the generic template has already fetched the secret from Secrets Manager by the time it reaches the setSecret step; that call went through the VPC endpoint, which the scenario confirms is working. "setSecret: Unable to log into database" is raised when the function's attempt to open a connection to the database itself fails, and with both resources in the same private subnet the usual cause is that the security groups do not permit that connection. Two rules are needed: the security group attached to the Lambda function must allow outbound TCP on the database port to the EC2 instance's security group (only relevant if its default allow-all egress rule was removed), and the security group attached to the EC2 instance must allow inbound TCP on the database port with the Lambda function's security group as the source. Reference the security group IDs rather than IP addresses, since the function's network interfaces can change address, and use the port of the engine actually in use (for example 3306 for MySQL, 5432 for PostgreSQL). Security groups are stateful, so no return-traffic rules are required. If both groups are already correct, check the subnet's network ACLs next, as they are stateless and can block the return path. Once the path is open, re-run the rotation and confirm that the setSecret error no longer appears in the CloudWatch logs.
The other options do not address the failure. Option A changes the secret's structure, but the template parses and validates the secret before it attempts a login, so a malformed secret would fail earlier with a different error. Option C simply re-runs the same rotation that is already failing. Option D adds an internet gateway and NAT gateway to reach the public Secrets Manager endpoint, which is unnecessary because the VPC endpoint is confirmed to work, and it needlessly opens an internet egress path from the private subnet.
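The two security-group rules described above, expressed as AWS CLI calls, as an added example that is not part of the LeetQuiz page. The group IDs, the port, and the separate security group assumed for the Secrets Manager interface endpoint are placeholders; the third rule (HTTPS to the endpoint) goes beyond the question and is only needed when the Lambda function's group no longer has its default allow-all egress rule. Setting AWS_CMD=echo prints the calls instead of executing them.

```shell
#!/bin/sh
# Added example, not code from the LeetQuiz page: the security-group rules
# that give the rotation Lambda a network path to the database. Group IDs and
# the port are placeholders; set AWS_CMD=echo to preview the calls offline.
set -eu

AWS_CMD="${AWS_CMD:-aws}"   # hook so the calls can be previewed without an account

# Database side: let the EC2 instance's SG accept TCP on the DB port only
# from the Lambda function's SG. Referencing the group ID instead of a CIDR
# keeps the rule valid when the function's ENIs get new private IPs.
allow_db_ingress_from_lambda() {
    db_sg="$1"; lambda_sg="$2"; port="$3"
    "$AWS_CMD" ec2 authorize-security-group-ingress \
        --group-id "$db_sg" \
        --ip-permissions "IpProtocol=tcp,FromPort=$port,ToPort=$port,UserIdGroupPairs=[{GroupId=$lambda_sg,Description=secrets-manager-rotation}]"
}

# Lambda side: let the function's SG send TCP on the DB port to the DB SG.
# Only needed when the default allow-all egress rule has been removed.
# Security groups are stateful, so neither side needs a return-traffic rule.
allow_lambda_egress_to_db() {
    lambda_sg="$1"; db_sg="$2"; port="$3"
    "$AWS_CMD" ec2 authorize-security-group-egress \
        --group-id "$lambda_sg" \
        --ip-permissions "IpProtocol=tcp,FromPort=$port,ToPort=$port,UserIdGroupPairs=[{GroupId=$db_sg,Description=rotation-to-db}]"
}

# The function still has to reach the Secrets Manager interface endpoint over
# HTTPS; a locked-down Lambda SG therefore also needs TCP/443 to the
# endpoint's SG (assumed here to be its own group, passed as endpoint_sg).
allow_lambda_egress_to_endpoint() {
    lambda_sg="$1"; endpoint_sg="$2"
    "$AWS_CMD" ec2 authorize-security-group-egress \
        --group-id "$lambda_sg" \
        --ip-permissions "IpProtocol=tcp,FromPort=443,ToPort=443,UserIdGroupPairs=[{GroupId=$endpoint_sg,Description=rotation-to-secretsmanager-endpoint}]"
}

# Read back the DB SG's ingress rules that reference the Lambda SG, to confirm
# the rule landed on the expected port before re-running the rotation.
show_db_ingress_from_lambda() {
    db_sg="$1"; lambda_sg="$2"
    "$AWS_CMD" ec2 describe-security-groups \
        --group-ids "$db_sg" \
        --query "SecurityGroups[0].IpPermissions[?UserIdGroupPairs[?GroupId=='$lambda_sg']].[IpProtocol,FromPort,ToPort]" \
        --output text
}

# Usage with placeholder IDs; MySQL listens on 3306, PostgreSQL on 5432:
#   allow_db_ingress_from_lambda    sg-0db0000000000000 sg-0fn0000000000000 3306
#   allow_lambda_egress_to_db       sg-0fn0000000000000 sg-0db0000000000000 3306
#   allow_lambda_egress_to_endpoint sg-0fn0000000000000 sg-0ep0000000000000
#   show_db_ingress_from_lambda     sg-0db0000000000000 sg-0fn0000000000000
```

After the rules are in place, trigger the rotation again (for example with `aws secretsmanager rotate-secret --secret-id <name>`) and watch the function's CloudWatch log group; the setSecret step should now log in with the pending credentials and proceed to testSecret and finishSecret.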
Author: LeetQuiz Editorial Team
During a test of an incident response plan for compromised credentials, a company encounters an issue where the rotation of a secret in AWS Secrets Manager fails. The secret, containing sensitive database credentials, is configured to rotate using a Lambda function based on a generic template. Both the database running on an EC2 instance and the Lambda function are located in the same private subnet of a VPC equipped with a Secrets Manager VPC endpoint. Despite confirming that the VPC endpoint is functioning correctly, the CloudWatch logs show an error: "setSecret: Unable to log into database". What should be done to resolve this error?
A
Modify the JSON structure of the secret in Secrets Manager via the AWS Management Console to match the database's required format.
B
Adjust the security groups to allow outbound connections from the Lambda function to the EC2 instance and inbound connections from the Lambda function to the EC2 instance.
C
Utilize the AWS CLI to list the secret with the Secrets Manager list-secrets command, identify the database credentials, and force an immediate rotation with the rotate-secret command.
D
Add an internet gateway to the VPC, create a NAT gateway in a public subnet, and update the VPC route tables to enable traffic from both the Lambda function and the EC2 instance to access the Secrets Manager public endpoint.