A company is developing a two-tier web application on AWS. Developers deployed the application on an Amazon EC2 instance that connects directly to a backend Amazon RDS database. The company must not hardcode database credentials in the application and must automatically rotate the database credentials on a regular schedule. Which solution meets these requirements with the LEAST operational overhead?
Choose an answer
Tap an option to check your answer.
Correct answer: Store the database credentials as a secret in AWS Secrets Manager. Turn on automatic rotation for the secret. Attach the required permission to the EC2 role to grant access to the secret..
Why this is the answer
Storing database credentials in AWS Secrets Manager with automatic rotation enabled is the most efficient solution. Secrets Manager is designed specifically for managing and rotating credentials, including those for Amazon RDS, with built-in integration and minimal operational overhead. The EC2 instance can retrieve the credentials at runtime using an IAM role, avoiding hardcoding. Incorrect options: Storing credentials in instance metadata is insecure as instance metadata is accessible to any process on the EC2 instance. Manually managing rotation via EventBridge and Lambda adds significant operational overhead. Storing credentials in S3 and using EventBridge/Lambda for rotation is also high-overhead. S3 is not designed for secret management, and the application would need a mechanism to securely retrieve and update the S3
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed