A company has a custom application with embedded credentials that retrieves data from an Amazon RDS for MySQL DB cluster. The company needs to secure the application with minimal programming effort. They have created credentials on the RDS database for the application user. Which solution meets these requirements?
Choose an answer
Tap an option to check your answer.
Correct answer: Store the credentials in AWS Secrets Manager. Configure the application to load the database credentials from Secrets Manager. Set up a credentials rotation schedule by creating an AWS Lambda function for Secrets Manager..
Why this is the answer
AWS Secrets Manager is designed for managing, retrieving, and rotating database credentials, API keys, and other secrets throughout their lifecycle. It integrates directly with Amazon RDS for automatic rotation, which can be extended to custom applications using Lambda functions, minimizing programming effort. Storing credentials in AWS KMS is for encryption, not direct credential management and retrieval by applications. Encrypted local storage lacks centralized management and automated rotation. AWS Systems Manager Parameter Store can store secrets, but its automated rotation capabilities are not as robust or integrated as Secrets Manager, especially for database credentials.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed