AWS Certified Solutions Architect - Professional
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
A company is implementing AWS Lambda functions to interact with an Amazon RDS for PostgreSQL database across both QA and production environments. The company requires a secure method to manage database credentials without embedding them in the application code, and it must support automatic password rotation. Which solution meets these security and operational requirements?
Explanation:
Option B is the correct answer. AWS Secrets Manager is specifically designed for storing and automatically rotating secrets such as database credentials. By storing the credentials in AWS Secrets Manager and enabling automatic rotation, the company can meet the requirements of securely managing credentials without embedding them in application code and ensuring that passwords are rotated automatically. Using Secrets Manager also allows for easy integration with AWS Lambda functions by referencing the secret as an environment variable. Other options either do not support automatic rotation of credentials (such as AWS Systems Manager Parameter Store and AWS KMS) or are not optimized for storing sensitive data like credentials (such as Amazon S3).