Answer-first summary for fast verification
Answer: Configure AWS Secrets Manager to automatically rotate the credentials for the DB instance. Use RDS Proxy to handle the increases in database connections.
AWS Secrets Manager is the correct service for storing and automatically rotating database credentials. AWS KMS is used for encryption keys, not credentials. Amazon RDS Proxy is a fully managed, highly available database proxy for RDS that handles unpredictable surges in database traffic by multiplexing and pooling connections. Read replicas are designed to scale read-heavy workloads, not write-intensive workloads or connection surges.
Author: Ritesh Yadav
Ultimate access to all questions.
Question #23
A CloudOps engineer is designing a solution for an Amazon RDS for PostgreSQL DB instance. Database credentials must be stored and rotated monthly. The applications that connect to the DB instance send write-intensive traffic with variable client connections that sometimes increase significantly in a short period of time.
Which solution should a CloudOps engineer choose to meet these requirements?
A
Configure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instance. Use RDS Proxy to handle the increases in database connections.
B
Configure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instance. Use RDS read replicas to handle the increases in database connections.
C
Configure AWS Secrets Manager to automatically rotate the credentials for the DB instance. Use RDS Proxy to handle the increases in database connections.
D
Configure AWS Secrets Manager to automatically rotate the credentials for the DB instance. Use RDS read replicas to handle the increases in database connections.
No comments yet.