Q34 — AWS SAA-C03 Ch.3


Q164. A company performs monthly maintenance on its AWS infrastructure. During these maintenance activities, the company needs to rotate the credentials for its Amazon RDS for MySQL databases across multiple AWS Regions. Which solution will meet these requirements with the LEAST operational overhead?

Correct Answer: A. Store the credentials as secrets in AWS Secrets Manager. Use multi-Region secret replication for the required Regions. Configure Secrets Manager to rotate the secrets on a schedule

Explanation

To meet the requirement of rotating the credentials for Amazon RDS for MySQL databases across multiple AWS Regions during monthly maintenance activities with the least operational overhead, a solutions architect should store the credentials as secrets in AWS Secrets Manager and use multi-Region secret replication for the required Regions. The solution should be configured to rotate the secrets on a schedule. Therefore, option A is the correct answer.

Option B suggests using AWS Systems Manager instead of AWS Secrets Manager, which is not ideal as Systems Manager is not specifically designed for storing and rotating secrets.

Option C suggests storing the credentials in an S3 bucket and using Amazon EventBridge to invoke a Lambda function to rotate the credentials. While this could work, it requires more manual configuration and does not provide the same level of integration and automation as using AWS Secrets Manager.

Option D suggests using KMS to encrypt the credentials, storing them in a DynamoDB global table, and using a Lambda function to retrieve and rotate the secrets using the RDS API. This approach can work but requires more manual configuration and does not provide the same level of integration and automation as using AWS Secrets Manager.

AWS Secrets Manager is designed specifically for storing and rotating secrets, providing a simple and fully managed solution for managing credentials. Using multi-Region secret replication ensures that the credentials are available in all required Regions, while configuring rotation on a schedule minimizes operational overhead. This approach provides a secure, scalable, and reliable solution for rotating credentials for Amazon RDS for MySQL databases.