Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 61 discussion

Secrets manager supports Autorotation unlike Parameter store.

The correct solution is C. Store the database credentials as a secret in AWS Secrets Manager. Turn on automatic rotation for the secret. Attach the required permission to the EC2 role to grant access to the secret. AWS Secrets Manager is a service that enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. By storing the database credentials as a secret in Secrets Manager, you can ensure that they are not hardcoded in the application and that they are automatically rotated on a regular basis. To grant the EC2 instance access to the secret, you can attach the required permission to the EC2 role. This will allow the application to retrieve the secret from Secrets Manager as needed.

- automatically rotate credentials on regular basis -> AWS Secret Manager

Keyword: database credentials. AWS secrets managers will handle it.

Rotating the credentials is a feature provided by AWS Secrets Manager

Ans C - Secrets Manager, provides rotation - and also a lot more API calls

parameter store does not have auto rotation

test kjlshfjkh jfskjfnkj kj bskjfb kj kjs bfkjs b kjf

Secrets Manager is purpose built for this scenario AB are wrong and insecure way of doing this D Parameter store with encrypted string can be used for this but is not ideal choice and AFAIK it does not support automatic rotation without extra programming

C - "Auto Rotation"

AWS Secrets Manager is a service that enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. By storing the database credentials as a secret in Secrets Manager, you can ensure that they are not hardcoded in the application and that they are automatically rotated on a regular basis. To grant the EC2 instance access to the secret, you can attach the required permission to the EC2 role.

Storing the credentials in AWS Secrets Manager and enabling automatic rotation meets the requirements with the least operational overhead. The EC2 instance role just needs permission to access the secret, and Secrets Manager handles rotating the credentials automatically on a schedule.

Key Autorotation = AWS Secrets Manager

Option C is the right answer.

Storing the credentials in Secrets Manager provides dedicated and secure management. With automatic rotation enabled, Secrets Manager handles the credential updates automatically. Attaching the necessary permissions to the EC2 role allows the application to securely access the secret. This approach minimizes operational overhead and provides a secure and managed solution for credential management.

The solution that meets the requirements with the least operational overhead, is option C.

My choice is c.