AWS Certified Solutions Architect – Associate (SAA-C03) — Question 828

A company uses Amazon RDS for PostgreSQL databases for its data tier. The company must implement password rotation for the databases.

Which solution meets this requirement with the LEAST operational overhead?

Answer options

• A. Store the password in AWS Secrets Manager. Enable automatic rotation on the secret.
• B. Store the password in AWS Systems Manager Parameter Store. Enable automatic rotation on the parameter.
• C. Store the password in AWS Systems Manager Parameter Store. Write an AWS Lambda function that rotates the password.
• D. Store the password in AWS Key Management Service (AWS KMS). Enable automatic rotation on the AWS KMS key.

Correct answer: A

Explanation

AWS Secrets Manager natively supports automatic password rotation for Amazon RDS databases, including PostgreSQL, with minimal configuration using built-in integration templates. AWS Systems Manager Parameter Store does not offer native automatic rotation for secrets, meaning any rotation would require manual implementation of an AWS Lambda function. AWS KMS is designed for managing encryption keys rather than storing and rotating database user credentials.