AWS Certified SysOps Administrator – Associate (SOA-C03) — Question 22
A CloudOps engineer is designing a solution for an Amazon RDS for PostgreSQL DB instance. Database credentials must be stored and rotated monthly. The applications that connect to the DB instance send write-intensive traffic with variable client connections that sometimes increase significantly in a short period of time.
Which solution should a CloudOps engineer choose to meet these requirements?
Answer options
- A. Configure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instance. Use RDS Proxy to handle the increases in database connections.
- B. Configure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instance. Use RDS read replicas to handle the increases in database connections.
- C. Configure AWS Secrets Manager to automatically rotate the credentials for the DB instance. Use RDS Proxy to handle the increases in database connections.
- D. Configure AWS Secrets Manager to automatically rotate the credentials for the DB instance. Use RDS read replicas to handle the increases in database connections.
Correct answer: C
Explanation
The correct answer is C. AWS Secrets Manager is designed to store database credentials and rotate them automatically on a schedule, which covers the monthly rotation requirement. RDS Proxy pools database connections, so it absorbs sudden spikes in client connections, which is critical for write-intensive applications. Options A and B rely on AWS KMS, which rotates encryption keys rather than database credentials. Option D uses read replicas, which serve read traffic and are not suited to a write-heavy workload.