AWS Certified Developer – Associate — Question 210
A company is using AWS CloudFormation to deploy a two-tier application. The application will use Amazon RDS as its backend database. The company wants a solution that will randomly generate the database password during deployment. The solution also must automatically rotate the database password without requiring changes to the application.
What is the MOST operationally efficient solution that meets these requirements?
Answer options
- A. Use an AWS Lambda function as a CloudFormation custom resource to generate and rotate the password.
- B. Use an AWS Systems Manager Parameter Store resource with the SecureString data type to generate and rotate the password.
- C. Use a cron daemon on the application’s host to generate and rotate the password.
- D. Use an AWS Secrets Manager resource to generate and rotate the password.
Correct answer: D
Explanation
The correct answer is D because AWS Secrets Manager is specifically designed for managing secrets such as database passwords, and it provides automatic rotation without affecting application code. Option A, while functional, requires additional setup with Lambda, making it less efficient. Option B is viable but lacks the dedicated secret-management features of Secrets Manager. Option C is not suitable because it requires manual management and does not integrate well with AWS services.