AWS Certified Solutions Architect – Associate (SAA-C03) — Question 983

A company is designing a new internal web application in the AWS Cloud. The new application must securely retrieve and store multiple employee usernames and passwords from an AWS managed service.

Which solution will meet these requirements with the LEAST operational overhead?

Answer options

• A. Store the employee credentials in AWS Systems Manager Parameter Store. Use AWS CloudFormation and the BatchGetSecretValue API to retrieve usernames and passwords from Parameter Store.
• B. Store the employee credentials in AWS Secrets Manager. Use AWS CloudFormation and AWS Batch with the BatchGetSecretValue API to retrieve the usernames and passwords from Secrets Manager.
• C. Store the employee credentials in AWS Systems Manager Parameter Store. Use AWS CloudFormation and AWS Batch with the BatchGetSecretValue API to retrieve the usernames and passwords from Parameter Store.
• D. Store the employee credentials in AWS Secrets Manager. Use AWS CloudFormation and the BatchGetSecretValue API to retrieve the usernames and passwords from Secrets Manager.

Correct answer: D

Explanation

AWS Secrets Manager is the native service designed for storing sensitive credentials and supports the BatchGetSecretValue API, whereas AWS Systems Manager Parameter Store does not utilize this API. Furthermore, retrieving the secrets directly using AWS CloudFormation and the BatchGetSecretValue API avoids the unnecessary operational overhead and complexity of deploying AWS Batch. Therefore, Option D is the most direct and efficient solution.