Amazon SAA-C03 Exam - Topic 1 Question 70 Discussion

Actual exam question for Amazon's SAA-C03 exam

Question #: 70
Topic #: 1

A company has a web application that uses several web servers that run on Amazon EC2 instances. The instances use a shared Amazon RDS for MySQL database.

The company requires a secure method to store database credentials. The credentials must be automatically rotated every 30 days without affecting application availability.

Which solution will meet these requirements?

AStore database credentials in AWS Secrets Manager. Create an AWS Lambda function to automatically rotate the credentials. Use Amazon EventBridge to run the Lambda function on a schedule. Grant the necessary IAM permissions to allow the web servers to access Secrets Manager.

BStore database credentials in AWS Systems Manager OpsCenter. Grant the necessary IAM permissions to allow the web servers to access OpsCenter.

CStore database credentials in an Amazon S3 bucket. Create an AWS Lambda function to automatically rotate the credentials. Use Amazon EventBridge to run the Lambda function on a schedule. Grant the necessary IAM permissions to allow the web servers to retrieve credentials from the S3 bucket.

DStore the credentials in a local file on each of the web servers. Use an AWS KMS key to encrypt the credentials. Create a cron job on each server to rotate the credentials every 30 days.

Show Suggested Answer

Suggested Answer: A

AWS Secrets Manager is a fully managed service specifically designed to securely store and automatically rotate database credentials, API keys, and other secrets. Secrets Manager provides built-in integration with Amazon RDS for automatic credential rotation on a configurable schedule without requiring downtime. It also manages the secure distribution of the credentials to authorized services, such as your web servers, using IAM policies. Manual solutions (S3, files, cron jobs) do not provide the same level of automation, audit, or security.

Reference Extract from AWS Documentation / Study Guide:

'AWS Secrets Manager enables you to rotate, manage, and retrieve database credentials securely. It supports automatic rotation of secrets for supported AWS databases without requiring application downtime.'

Source: AWS Certified Solutions Architect -- Official Study Guide, Security and Secrets Management section.

by Gwen at Mar 02, 2026, 01:55 PM

Limited Time Offer

25%

1 month ago

I remember we discussed AWS Secrets Manager in class, and it seems like the best option for securely storing and rotating credentials.

upvoted 0 times

...