AWS Certified SysOps Administrator – Associate — Question 97

A SysOps administrator needs to configure automatic rotation for Amazon RDS database credentials. The credentials must rotate every 30 days. The solution must integrate with Amazon RDS.

Which solution will meet these requirements with the LEAST operational overhead?

Answer options

• A. Store the credentials in AWS Systems Manager Parameter Store as a secure string. Configure automatic rotation with a rotation interval of 30 days.
• B. Store the credentials in AWS Secrets Manager. Configure automatic rotation with a rotation interval of 30 days.
• C. Store the credentials in a file in an Amazon S3 bucket. Deploy an AWS Lambda function to automatically rotate the credentials every 30 days.
• D. Store the credentials in AWS Secrets Manager. Deploy an AWS Lambda function to automatically rotate the credentials every 30 days.

Correct answer: B

Explanation

The correct answer is B because AWS Secrets Manager is specifically designed for managing sensitive information like database credentials and supports automatic rotation natively with minimal overhead. Option A requires manual intervention and does not provide the same level of integration. Options C and D involve more complexity by requiring AWS Lambda functions, which adds operational overhead compared to the built-in capabilities of Secrets Manager.