Question #877
A developer needs to securely store database credentials, automate their rotation every 30 days, and reduce manual intervention in their application's credential management process. Which AWS service should they use?
A. AWS Systems Manager Parameter Store
B. AWS Key Management Service (AWS KMS)
C. AWS Secrets Manager
D. AWS CloudHSM
Explanation
AWS Secrets Manager is designed to manage secrets like database credentials securely. It provides automatic rotation of secrets using AWS Lambda functions, which can be scheduled (e.g., every 30 days), eliminating manual processes.
Why other options are incorrect:
- A. AWS Systems Manager Parameter Store: While it can store secrets as SecureString parameters, it lacks native automatic rotation capabilities, requiring custom scripting.
- B. AWS KMS: A key management service for encryption keys, not for storing or rotating credentials.
- D. AWS CloudHSM: Focuses on secure hardware-based key storage, not secret management or rotation.
Key Points: Secrets Manager automates credential rotation, integrates with RDS, and ensures secure storage, making it ideal for the scenario.
Answer
The correct answer is: C