
Answer-first summary for fast verification
Answer: Store the credentials as secrets in AWS Secrets Manager. Use multi-Region secret replication for the required Regions. Configure Secrets Manager to rotate the secrets on a schedule.
## Explanation

**Option A is correct** because:

1. **AWS Secrets Manager** is specifically designed for managing secrets like database credentials
2. It has built-in **multi-Region secret replication** capabilities
3. It provides **automatic secret rotation** with minimal operational overhead
4. It integrates natively with **Amazon RDS**, making rotation seamless
5. The solution requires minimal custom code or infrastructure management

**Option B is incorrect** because:

- AWS Systems Manager Parameter Store does support secure string parameters, but it doesn't have built-in multi-Region replication or automatic rotation capabilities like Secrets Manager
- You would need to build custom solutions for both replication and rotation

**Option C is incorrect** because:

- Storing credentials in S3 requires building custom rotation logic
- You need to manage Lambda functions, EventBridge rules, and security configurations
- No built-in multi-Region replication or rotation capabilities
- Higher operational overhead

**Option D is incorrect** because:

- Requires building a complex custom solution with DynamoDB global tables, Lambda functions, and KMS keys
- No built-in rotation capabilities
- Highest operational overhead among all options
- Requires managing multiple AWS services and custom code

**Key AWS Services Knowledge:**

- **AWS Secrets Manager**: Purpose-built for secrets management with automatic rotation
- **Multi-Region Secrets**: Can replicate secrets across regions for disaster recovery
- **RDS Integration**: Can automatically rotate RDS database credentials
- **Least Operational Overhead**: The question emphasizes minimizing management effort, making the managed service (Secrets Manager) the best choice
Author: LeetQuiz Editorial Team
A company performs monthly maintenance on its AWS infrastructure. During these maintenance activities, the company needs to rotate the credentials for its Amazon RDS for MySQL databases across multiple AWS Regions. Which solution will meet these requirements with the LEAST operational overhead?
A
Store the credentials as secrets in AWS Secrets Manager. Use multi-Region secret replication for the required Regions. Configure Secrets Manager to rotate the secrets on a schedule.
B
Store the credentials as secrets in AWS Systems Manager by creating a secure string parameter. Use multi-Region secret replication for the required Regions. Configure Systems Manager to rotate the secrets on a schedule.
C
Store the credentials in an Amazon S3 bucket that has server-side encryption (SSE) enabled. Use Amazon EventBridge (Amazon CloudWatch Events) to invoke an AWS Lambda function to rotate the credentials.
D
Encrypt the credentials as secrets by using AWS Key Management Service (AWS KMS) multi-Region customer managed keys. Store the secrets in an Amazon DynamoDB global table. Use an AWS Lambda function to retrieve the secrets from DynamoDB. Use the RDS API to rotate the secrets.