AWS Certified Solutions Architect – Associate (SAA-C03) — Question 624

A company runs its databases on Amazon RDS for PostgreSQL. The company wants a secure solution to manage the master user password by rotating the password every 30 days.

Which solution will meet these requirements with the LEAST operational overhead?

Answer options

• A. Use Amazon EventBridge to schedule a custom AWS Lambda function to rotate the password every 30 days.
• B. Use the modify-db-instance command in the AWS CLI to change the password.
• C. Integrate AWS Secrets Manager with Amazon RDS for PostgreSQL to automate password rotation.
• D. Integrate AWS Systems Manager Parameter Store with Amazon RDS for PostgreSQL to automate password rotation.

Correct answer: C

Explanation

AWS Secrets Manager features built-in, native integration with Amazon RDS for PostgreSQL to automatically rotate database credentials without requiring custom code, making it the option with the least operational overhead. AWS Systems Manager Parameter Store does not natively support automated rotation for RDS out of the box. Custom Lambda functions triggered by Amazon EventBridge or manual AWS CLI commands require significantly more operational effort to implement and maintain.