AWS Certified Solutions Architect - Associate

Explanation

Correct Answer: C - Integrate AWS Secrets Manager with Amazon RDS for PostgreSQL to automate password rotation.

AWS Secrets Manager is specifically designed for managing and rotating secrets like database passwords. It provides:

1. Automatic rotation - Can be configured to rotate secrets on a schedule (e.g., every 30 days)
2. Built-in RDS integration - Has native support for rotating RDS database passwords
3. Least operational overhead - Requires minimal setup and maintenance compared to custom solutions
4. Security best practices - Automatically updates the password in both RDS and any applications using the secret

Why other options are not optimal:

• A: While this works, it requires custom Lambda function development, EventBridge rule setup, and ongoing maintenance - more operational overhead.
• B: Manual CLI commands require manual intervention every 30 days, creating operational overhead and potential for human error.
• D: AWS Systems Manager Parameter Store can store secrets but doesn't have built-in automatic rotation capabilities for RDS passwords like Secrets Manager does.

Key AWS Services:

• AWS Secrets Manager: Managed service for secrets with automatic rotation
• Amazon RDS: Relational Database Service
• PostgreSQL: Database engine

Best Practice: Always use managed services like Secrets Manager for secret rotation to minimize operational overhead and ensure security compliance.