A company has an application that runs on Amazon EC2 instances and uses an Amazon Aurora database. The EC2 instances connect to the database by using user names and passwords that are stored locally in a file. The company wants to minimize the operational overhead of credential management.
What should a solutions architect do to accomplish this goal?
To minimize the operational overhead of credential management for an application using Amazon EC2 instances and an Amazon Aurora database, the most suitable option is to use AWS Secrets Manager with automatic rotation. AWS Secrets Manager allows for the secure storage, management, and automated rotation of database credentials, API keys, and other secrets, reducing the need for manual credential updates and improving security compliance. By turning on automatic rotation, the company ensures that credentials are regularly updated without human intervention, minimizing operational overhead effectively.
B is wrong because parameter store does not support auto rotation, unless the customer writes it themselves, A is the answer.
ty bro, I was confused about that and you just mentioned the "key" phrase, B doesn't support autorotation
READ!!! AWS Secrets Manager is a secrets management service that helps you protect access to your applications, services, and IT resources. This service enables you to rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. https://aws.amazon.com/cn/blogs/security/how-to-connect-to-aws-secrets-manager-service-within-a-virtual-private-cloud/ y https://aws.amazon.com/secrets-manager/?nc1=h_ls
Read this - https://docs.aws.amazon.com/secretsmanager/latest/userguide/integrating_parameterstore.html It says SSM Parameter store cant rotate automatically.
you are right
correct. see link https://tutorialsdojo.com/aws-secrets-manager-vs-systems-manager-parameter-store/ for differences between SSM Parameter Store and AWS Secrets Manager
That was a fantastic link. This part of their site "comparison of AWS services" is superb. Thanks.
A - additionally, Aurora manages the settings for the secret and rotates the secret every seven days by default.
Admin is trying to fail everybody in the exam.
RIGHT? I found a bunch of "correct" answers on here are not really correct, but they're not corrected? hhmmmmm
He wants you to read discussion part as well for better understanding
If most Voted answers is done by us, then Who is marking the answers as Correct ?
Aurora automatically stores and manages database credentials in AWS Secrets Manager. Aurora rotates database credentials regularly, without requiring application changes. Secrets Manager secures database credentials from human access and plain text view. https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html
B becasue the user wants reduce costs and SSM Parameter Store layer Standard is free and the type SecureString uses KMS
It should be "A."
A: READ!!! AWS Secrets Manager is a secrets management service that helps you protect access to your applications, services, and IT resources. This service enables you to rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. https://aws.amazon.com/cn/blogs/security/how-to-connect-to-aws-secrets-manager-service-within-a-virtual-private-cloud/ y https://aws.amazon.com/secrets-manager/?nc1=h_ls Read this - https://docs.aws.amazon.com/secretsmanager/latest/userguide/integrating_parameterstore.html It says SSM Parameter store cant rotate automatically.
I copy and paste the question & options to ChatGPT, and ChatGPT give the answer is A
A - SECREATS MANAGER
A is correct
BCD are extremely high operational overhead and not secure like A
Secret manager with auto rotation.
The most suitable option for minimizing operational overhead of credential management in this scenario is: B. Use AWS Systems Manager Parameter Store. Turn on automatic rotation. AWS Systems Manager Parameter Store is a service that helps you manage configuration data, including sensitive information such as passwords and database strings, in a central, secure store. With automatic rotation enabled, the credentials can be automatically updated at scheduled intervals, reducing the manual effort required for credential management.
SSM has no automatic rotation.
Secrets Manager, as The Mandalorian would say "this is the way!"
Answer A is correct
Parameter Store: Storing and managing a database connection string or API endpoint URL that doesn’t require frequent rotation. Secrets Manager: Storing and managing database credentials that need to be rotated regularly for security compliance.