Q58 — AWS DVA-C02 Ch.1

Question 58 of 100 | ← Chapter 1

A company uses AWS CloudFormation templates as part of its AWS CodePipeline–based CI/CD automation to deploy all Amazon RDS DB instances. The DB instance master password must be automatically generated during deployment. Which solution satisfies these requirements with minimal development effort?

Correct Answer: D. Use an AWS::SecretsManager::Secret resource to generate a secure string. Store the secure string as a secret in AWS Secrets Manager. Use a secretsmanager dynamic reference to retrieve the stored value when creating the DB instance.

Explanation

Option D’s solution leverages AWS Secrets Manager to generate and store the secure string, then uses a secretsmanager dynamic reference to inject that value into the DB instance creation. This is a valid and recommended solution because AWS Secrets Manager is purpose-built for managing sensitive information, providing secure storage and fine-grained access control.