AWS Certified Developer – Associate (DVA-C02) — Question 232

A developer is creating an AWS Lambda function that will connect to an Amazon RDS for MySQL instance. The developer wants to store the database credentials. The database credentials need to be encrypted and the database password needs to be automatically rotated.

Which solution will meet these requirements?

Answer options

• A. Store the database credentials as environment variables for the Lambda function. Set the environment variables to rotate automatically.
• B. Store the database credentials in AWS Secrets Manager. Set up managed rotation on the database credentials.
• C. Store the database credentials in AWS Systems Manager Parameter Store as secure string parameters. Set up managed rotation on the parameters.
• D. Store the database credentials in the X-Amz-Security-Token parameter. Set up managed rotation on the parameter.

Correct answer: B

Explanation

The correct answer is B because AWS Secrets Manager is specifically designed for securely storing sensitive information like database credentials and includes built-in support for automatic credential rotation. Options A and C do not provide encryption and managed rotation as effectively as Secrets Manager, while option D incorrectly suggests using the X-Amz-Security-Token parameter, which is not suitable for storing database credentials.