AWS Certified Developer – Associate (DVA-C02) — Question 267

A company runs a serverless application on AWS. The application includes an AWS Lambda function. The Lambda function processes data and stores the data in an Amazon RDS for PostgreSQL database. A developer created a user credentials in the database for the application.

The developer needs to use AWS Secrets Manager to manage the user credentials. The password must to be rotated on a regular basis. The solution needs to ensure that there is high availability and no downtime for the application during secret rotation.

What should the developer do to meet these requirements?

Answer options

• A. Configure managed rotation with the single user rotation strategy.
• B. Configure managed rotation with the alternating users rotation strategy.
• C. Configure automatic rotation with the single user rotation strategy.
• D. Configure automatic rotation with the alternating users rotation strategy.

Correct answer: D

Explanation

To prevent downtime during database credential rotation in AWS Secrets Manager, the alternating users rotation strategy must be used, which updates a clone user's password while keeping the original active until the switchover is complete. This must be paired with automatic rotation to ensure the process runs regularly without manual intervention. The single user rotation strategy is unsuitable because it changes the active user's password directly, which can cause transient connection failures for the application during the rotation window.