AWS Certified Developer – Associate (DVA-C02) — Question 180
A company is using AWS CloudFormation to deploy a two-tier application. The application will use Amazon RDS as its backend database. The company wants a solution that will randomly generate the database password during deployment. The solution also must automatically rotate the database password without requiring changes to the application.
What is the MOST operationally efficient solution that meets these requirements?
Answer options
- A. Use an AWS Lambda function as a CloudFormation custom resource to generate and rotate the password.
- B. Use an AWS Systems Manager Parameter Store resource with the SecureString data type to generate and rotate the password.
- C. Use a cron daemon on the application’s host to generate and rotate the password.
- D. Use an AWS Secrets Manager resource to generate and rotate the password.
Correct answer: D
Explanation
The correct answer is D. AWS Secrets Manager is designed specifically for storing and managing secrets such as database passwords, and it provides seamless password rotation without requiring changes to the application. Option A is functional but involves more complexity because of the custom Lambda function. Option B does not provide the same level of automated rotation as Secrets Manager. Option C is not efficient: relying on a cron daemon adds unnecessary overhead and complexity to managing the password.