A company has several web servers that frequently access a shared Amazon RDS MySQL Multi-AZ DB instance. The company requires a secure method for the web servers to connect to the database and must rotate user credentials frequently. Which solution meets these requirements?
Choose an answer
Tap an option to check your answer.
Correct answer: Store the database user credentials in AWS Secrets Manager. Grant the necessary IAM permissions to allow the web servers to access AWS Secrets Manager..
Why this is the answer
AWS Secrets Manager is the most appropriate solution because it is designed for secure storage and automatic rotation of credentials, including database credentials. By storing credentials in Secrets Manager, the web servers can retrieve them programmatically, and Secrets Manager handles the frequent rotation requirement. IAM permissions can be precisely configured to grant the web servers access to specific secrets. AWS Systems Manager OpsCenter is for operational issues and insights, not for credential storage. Storing credentials in an Amazon S3 bucket is less secure and lacks built-in rotation capabilities. Encrypting credentials on the web server file system with AWS KMS still requires a mechanism to manage and rotate those credentials, which Secrets Manager provides natively.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed