Explanation:
AWS Secrets Manager is the correct service for storing and automatically rotating database credentials. AWS KMS is used for encryption keys, not credentials. Amazon RDS Proxy is a fully managed, highly available database proxy for RDS that handles unpredictable surges in database traffic by multiplexing and pooling connections. Read replicas are designed to scale read-heavy workloads, not write-intensive workloads or connection surges.
Ultimate access to all questions.
Question #23
A CloudOps engineer is designing a solution for an Amazon RDS for PostgreSQL DB instance. Database credentials must be stored and rotated monthly. The applications that connect to the DB instance send write-intensive traffic with variable client connections that sometimes increase significantly in a short period of time.
Which solution should a CloudOps engineer choose to meet these requirements?
A
Configure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instance. Use RDS Proxy to handle the increases in database connections.
B
Configure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instance. Use RDS read replicas to handle the increases in database connections.
C
Configure AWS Secrets Manager to automatically rotate the credentials for the DB instance. Use RDS Proxy to handle the increases in database connections.
D
Configure AWS Secrets Manager to automatically rotate the credentials for the DB instance. Use RDS read replicas to handle the increases in database connections.
No comments yet.