A company has an AWS CloudFormation template written in JSON that is used to launch new Amazon RDS for MySQL DB instances. The security team has asked a database specialist to ensure that the master password is automatically rotated every 30 days for all new DB instances that are launched using the template. What is the MOST operationally efficient solution to meet these requirements?
A) Save the password in an Amazon S3 object. Encrypt the S3 object with an AWS KMS key. Set the KMS key to be rotated every 30 days by setting the EnableKeyRotation property to true. Use a CloudFormation custom resource to read the S3 object to extract the password.
B) Create an AWS Lambda function to rotate the secret. Modify the CloudFormation template to add an AWS::SecretsManager::RotationSchedule resource. Configure the RotationLambdaARN value and, for the RotationRules property, set the AutomaticallyAfterDays parameter to 30.
C) Modify the CloudFormation template to use the AWS KMS key as the database password. Configure an Amazon EventBridge rule to invoke the KMS API to rotate the key every 30 days by setting the ScheduleExpression parameter to ***/30***.
D) Integrate the Amazon RDS for MySQL DB instances with AWS IAM and centrally manage the master database user password.
Correct Answer:
Verified
Q105: A company has an ecommerce web application
Q106: A company is using an Amazon Aurora
Q107: A company is using a Single-AZ Amazon
Q108: A company is moving its fraud detection
Q109: An ecommerce company has tasked a Database
Q111: A company is looking to move an
Q112: A company is using Amazon with Aurora
Q113: A company is planning to close for
Q114: An online gaming company is planning to
Q115: A company wants to migrate its on-premises
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents