A company runs a Node js function on a server in its on-premises data center. The data ce…

Question

A company runs a Node js function on a server in its on-premises data center. The data center stores data in a PostgreSQL database. The company stores the credentials in a connection string in an environment variable on the server. The company wants to migrate its application to AWS and to replace the Node.js application server with AWS Lambda. The company also wants to migrate to Amazon RDS for PostgreSQL and to ensure that the database credentials are securely managed. Which solution will meet these requirements with the LEAST operational overhead?

Accepted Answer

Correct answer: B. B. Store the database credentials as a secret in AWS Secrets Manager. Configure Secrets Manager to automatically rotate the credentials every 30 days. Update the Lambda function to retrieve the credentials from the secret. — AWS Secrets Manager natively supports automatic rotation for Amazon RDS databases, making Option B the solution with the least operational overhead. AWS Systems Manager Parameter Store (Option A) does not offer built-in automatic rotation for database credentials without writing custom rotation code. Storing credentials in Lambda environment variables with custom rotation (Option C) or abusing AWS KMS keys to store raw database credentials (Option D) introduces significant administrative complexity and violates AWS best practices.

AWS Certified Solutions Architect – Associate (SAA-C03) — Question 926

Answer options

Correct answer: B

Explanation