A company performs monthly maintenance on its AWS infrastructure. During these maintenance activities, the company needs to rotate the credentials for its Amazon RDS for MySQL databases across multiple AWS Regions.
Which solution will meet these requirements with the LEAST operational overhead?
To meet the requirement of rotating credentials for Amazon RDS for MySQL databases across multiple AWS Regions with the least operational overhead, storing the credentials as secrets in AWS Secrets Manager and using multi-Region secret replication is the most efficient solution. AWS Secrets Manager provides integrated support for automated secret rotation on a schedule, secure storage, and multi-Region replication. This minimizes manual intervention and simplifies the management of secrets across multiple regions.
A is correct. https://aws.amazon.com/blogs/security/how-to-replicate-secrets-aws-secrets-manager-multiple-regions/
Keywords: - rotate the credentials for its Amazon RDS for MySQL databases across multiple AWS Regions - LEAST operational overhead A: Correct - AWS Secrets Manager supports - Encrypt credential for RDS, DocumentDb, Redshift, other DBs and key/value secret. - multi-region replication. - Remote base on schedule B: Incorrect - Secure string parameter only apply for Parameter Store. All the data in AWS Secrets Manager is encrypted C: Incorrect - don't mention about replicate S3 across region. D: Incorrect - So many steps compare to answer A =))
Option A: Storing the credentials as secrets in AWS Secrets Manager provides a dedicated service for secure and centralized management of secrets. By using multi-Region secret replication, the company ensures that the secrets are available in the required Regions for rotation. Secrets Manager also provides built-in functionality to rotate secrets automatically on a defined schedule, reducing operational overhead. This automation simplifies the process of rotating credentials for the Amazon RDS for MySQL databases during monthly maintenance activities.
It's A, as Secrets Manager does support replicating secrets into multiple AWS Regions: https://docs.aws.amazon.com/secretsmanager/latest/userguide/create-manage-multi-region-secrets.html
https://aws.amazon.com/blogs/security/how-to-replicate-secrets-aws-secrets-manager-multiple-regions/ With Secrets Manager, you can store, retrieve, manage, and rotate your secrets, including database credentials, API keys, and other secrets. When you create a secret using Secrets Manager, it’s created and managed in a Region of your choosing. Although scoping secrets to a Region is a security best practice, there are scenarios such as disaster recovery and cross-Regional redundancy that require replication of secrets across Regions. Secrets Manager now makes it possible for you to easily replicate your secrets to one or more Regions to support these scenarios.
it's A, here the question specify that we want the LEAST overhead
https://aws.amazon.com/blogs/security/how-to-replicate-secrets-aws-secrets-manager-multiple-regions/
https://aws.amazon.com/blogs/security/how-to-replicate-secrets-aws-secrets-manager-multiple-regions/ A is answer
A is correct.
A. Store the credentials as secrets in AWS Secrets Manager. Use multi-Region secret replication for the required Regions. Configure Secrets Manager to rotate the secrets on a schedule. This solution is the best option for meeting the requirements with the least operational overhead. AWS Secrets Manager is designed specifically for managing and rotating secrets like database credentials. Using multi-Region secret replication, you can easily replicate the secrets across the required AWS Regions. Additionally, Secrets Manager allows you to configure automatic secret rotation on a schedule, further reducing the operational overhead.
A is correct answer.
Option A MET THE REQUIREMENT
'The company needs to rotate the credentials for its Amazon RDS for MySQL databases across multiple AWS Regions' = AWS Secrets Manager
So this is what I thought https://youtube.com/shorts/6YSBv95V2cs?feature=share What is a secure string parameter? https://youtube.com/shorts/-6wJOqZ93co?feature=share
Clearly A is the correct one.
Answer-A
A is correct.
A - Secrets Manager automates the rotation of secrets for RDS without own implementation required, the options require effort to implement the secret rotation logic