Exam AWS Certified SysOps Administrator - Associate topic 1 question 53 discussion

To implement password rotation lifecycles, use AWS Secrets Manager. You can rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle using Secrets Manager. For more information, see What is AWS Secrets Manager? in the AWS Secrets Manager User Guide.

It should be only A since it's specifically asked for 'Operationally efficient' , means a solution that can contain with as less no. of services as possible and can deliver efficiency too.

Rotate Amazon RDS database credentials automatically with AWS Secrets Manager https://aws.amazon.com/blogs/security/rotate-amazon-rds-database-credentials-automatically-with-aws-secrets-manager/

D The most operationally efficient solution would be to store the database credentials in AWS Systems Manager Parameter Store as a secure string parameter, and then configure automatic rotation for the parameter every 365 days. This way, the credentials will be securely stored and automatically rotated as required by the compliance team. Options A and C both involve storing the credentials in different locations and using different methods for rotating the credentials, which would not be as operationally efficient. Option B involves using a database trigger to rotate the password, but this would require additional setup and maintenance, and may not be as reliable as using automatic rotation in AWS Systems Manager.

aaaaaaaaa

Ams: A

A is correct. We can confirm here https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html