Question #749
A company is migrating its on-premises PostgreSQL database to AWS and requires automated rotation of database credentials every 30 days without additional programming. Which setup fulfills these requirements?
Use Amazon Aurora PostgreSQL. Store credentials in AWS Systems Manager Parameter Store with rotation enabled.
Use Amazon Aurora PostgreSQL. Store credentials in AWS Secrets Manager with rotation enabled.
Use Amazon DynamoDB. Store credentials in AWS Secrets Manager with rotation enabled.
Use Amazon DynamoDB. Store credentials in AWS Systems Manager Parameter Store with rotation enabled.
Explanation
The question requires migrating a PostgreSQL database to AWS with automated credential rotation every 30 days.
- Why B is correct: Amazon Aurora PostgreSQL is a managed PostgreSQL-compatible database, making it suitable for migration. AWS Secrets Manager natively supports automated credential rotation for RDS/Aurora databases without requiring custom code. Enabling rotation in Secrets Manager fulfills the requirement.
- Why other options are incorrect:
- A: Systems Manager Parameter Store can store credentials but lacks built-in rotation for Aurora/PostgreSQL. Custom scripting (e.g., Lambda) is needed, violating the 'no additional programming' requirement.
- C/D: DynamoDB is a NoSQL database, not a PostgreSQL replacement. Migrating a relational database to DynamoDB would require significant architectural changes.
Key Points:
1. Use Aurora PostgreSQL for PostgreSQL migrations.
2. Secrets Manager enables automated credential rotation for RDS/Aurora without custom code.
3. Parameter Store requires custom logic for rotation.
4. DynamoDB is unsuitable for relational database migrations.
Answer
The correct answer is: B