AWS Certified Solutions Architect – Associate (SAA-C03) — Question 97
A company has several web servers that need to frequently access a common Amazon RDS MySQL Multi-AZ DB instance. The company wants a secure method for the web servers to connect to the database while meeting a security requirement to rotate user credentials frequently.
Which solution meets these requirements?
Answer options
- A. Store the database user credentials in AWS Secrets Manager. Grant the necessary IAM permissions to allow the web servers to access AWS Secrets Manager.
- B. Store the database user credentials in AWS Systems Manager OpsCenter. Grant the necessary IAM permissions to allow the web servers to access OpsCenter.
- C. Store the database user credentials in a secure Amazon S3 bucket. Grant the necessary IAM permissions to allow the web servers to retrieve credentials and access the database.
- D. Store the database user credentials in files encrypted with AWS Key Management Service (AWS KMS) on the web server file system. The web server should be able to decrypt the files and access the database.
Correct answer: A
Explanation
The correct answer is A because AWS Secrets Manager is designed specifically for securely storing and managing sensitive information such as database credentials, and it supports automatic credential rotation. The other options are less suitable: B uses OpsCenter, which is not intended for credential management; C uses S3, which lacks built-in rotation capabilities; and D requires manual handling of decryption, which could complicate security management.