AWS Certified Database – Specialty — Question 240

A database specialist needs to enable IAM authentication on an existing Amazon Aurora PostgreSQL DB cluster. The database specialist already has modified the DB cluster settings, has created IAM and database credentials, and has distributed the credentials to the appropriate users.

What should the database specialist do next to establish the credentials for the users to use to log in to the DB cluster?

Answer options

• A. Add the users' IAM credentials to the Aurora cluster parameter group.
• B. Run the generate-db-auth-token command with the user names to generate a temporary password for the users.
• C. Add the users' IAM credentials to the default credential profile, Use the AWS Management Console to access the DB cluster.
• D. Use an AWS Security Token Service (AWS STS) token by sending the IAM access key and secret key as headers to the DB cluster API endpoint.

Correct answer: B

Explanation

The correct answer is B, as running the generate-db-auth-token command provides users with a temporary password necessary for accessing the DB cluster using IAM authentication. Option A is incorrect because IAM credentials do not belong in the Aurora parameter group. Option C is also incorrect since using the AWS Management Console does not directly provide users with login credentials. Option D is not the right approach because it involves using STS tokens, which is not necessary for this specific login process.