AWS - Advanced Security
You want your application to automatically rotate database credentials stored in Secrets Manager every 30 days. Which approach is best to achieve this securely and with minimal manual work?
You want your application to automatically rotate database credentials stored in Secrets Manager every 30 days. Which approach is best to achieve this securely and with minimal manual work?
hard📝 Application Q15 of 15
Step-by-Step Solution
Solution:
Step 1: Understand Secrets Manager rotation feature
Secrets Manager supports automatic rotation using Lambda functions to update credentials securely without manual intervention.Step 2: Compare options for automation and security
Enable Secrets Manager automatic rotation with a Lambda function that updates the database credentials uses built-in rotation with Lambda, which is secure and automatic. Options B, C, and D require manual steps or insecure practices.Final Answer:
Enable Secrets Manager automatic rotation with a Lambda function that updates the database credentials -> Option AQuick Check:
Automatic rotation with Lambda = best practice [OK]
Quick Trick: Use Secrets Manager rotation with Lambda for auto updates [OK]
Common Mistakes:
- Relying on manual updates risking stale credentials
- Storing secrets insecurely in environment variables
- Using external cron jobs instead of built-in rotation
Master "Advanced Security" in AWS
Want More Practice?
15+ quiz questions · All difficulty levels · Free
Free Signup - Practice All QuestionsMore AWS Quizzes