AWS Certified Developer – Associate (DVA-C02) — Question 92

A developer is writing an application for a company. The application will be deployed on Amazon EC2 and will use an Amazon RDS for Microsoft SQL Server database. The company's security team requires that database credentials are rotated at least weekly.

How should the developer configure the database credentials for this application?

Answer options

• A. Create a database user. Store the user name and password in an AWS Systems Manager Parameter Store secure string parameter. Enable rotation of the AWS Key Management Service (AWS KMS) key that is used to encrypt the parameter.
• B. Enable IAM authentication for the database. Create a database user for use with IAM authentication. Enable password rotation.
• C. Create a database user. Store the user name and password in an AWS Secrets Manager secret that has daily rotation enabled.
• D. Use the EC2 user data to create a database user. Provide the user name and password in environment variables to the application.

Correct answer: C

Explanation

The correct answer is C because AWS Secrets Manager provides an effective way to securely store and rotate credentials automatically, ensuring compliance with the security team's weekly rotation requirement. Option A does not meet the requirement for frequent rotation, while option B lacks automatic credential management. Option D is insecure as it exposes credentials in environment variables.