AWS Certified Solutions Architect – Associate (SAA-C03) — Question 701

A company is building an application on AWS that connects to an Amazon RDS database. The company wants to manage the application configuration and to securely store and retrieve credentials for the database and other services.

Which solution will meet these requirements with the LEAST administrative overhead?

Answer options

• A. Use AWS AppConfig to store and manage the application configuration. Use AWS Secrets Manager to store and retrieve the credentials.
• B. Use AWS Lambda to store and manage the application configuration. Use AWS Systems Manager Parameter Store to store and retrieve the credentials.
• C. Use an encrypted application configuration file. Store the file in Amazon S3 for the application configuration. Create another S3 file to store and retrieve the credentials.
• D. Use AWS AppConfig to store and manage the application configuration. Use Amazon RDS to store and retrieve the credentials.

Correct answer: A

Explanation

AWS AppConfig is designed specifically for managing, deploying, and validating application configurations with minimal administrative effort. AWS Secrets Manager is the optimal AWS service for securely storing, rotating, and retrieving database credentials. Other alternatives, such as storing credentials in Amazon S3 or Amazon RDS, or using AWS Lambda for configuration management, require significant custom development and lack native security and rotation capabilities.