Answer-first summary for fast verification
Answer: AWS Secrets Manager
## Explanation **AWS Secrets Manager is CORRECT** because it is designed to securely store, manage, and retrieve secrets such as Amazon RDS database credentials, API keys, and other sensitive information. It also provides built-in automatic rotation of secrets, including database credentials, using AWS Lambda functions—helping improve security and reduce the risk of credential leakage or misuse. ### Why other options are incorrect: - **Amazon S3**: While S3 can store data securely, it doesn't provide built-in secret rotation capabilities or specialized secret management features. - **AWS Systems Manager Parameter Store**: This service can store configuration data and secrets, but it doesn't have built-in automatic rotation capabilities like Secrets Manager. - **AWS CloudTrail**: This is a logging service that records AWS API calls, not a secret management service. ### Key Features of AWS Secrets Manager: 1. **Secure storage**: Encrypts secrets at rest using AWS KMS 2. **Automatic rotation**: Can automatically rotate secrets on a schedule 3. **Fine-grained access control**: Integrates with AWS IAM for access management 4. **Audit logging**: Tracks access to secrets 5. **RDS integration**: Specifically designed to work with Amazon RDS databases
Author: Ritesh Yadav
Ultimate access to all questions.
A company wants to securely store Amazon RDS database credentials and automatically rotate user passwords periodically. Which AWS service or capability will meet these requirements?
A
Amazon S3
B
AWS Systems Manager Parameter Store
C
AWS Secrets Manager
D
AWS CloudTrail
No comments yet.