What is the MOST secure way to manage the database password?

A SysOps administrator is helping a development team deploy an application to AWS Trie AWS CloudFormat on temp ate includes an Amazon Linux EC2 Instance an Amazon Aurora DB cluster and a hard coded database password that must be rotated every 90 days

What is the MOST secure way to manage the database password?
A . Use the AWS SecretsManager Secret resource with the GenerateSecretString property to automatically generate a password Use the AWS SecretsManager RotationSchedule resource lo define a rotation schedule lor the password Configure the application to retrieve the secret from AWS Secrets Manager access the database
B . Use me AWS SecretsManager Secret resource with the SecretStrmg property Accept a password as a CloudFormation parameter Use the AllowedPatteen property of the CloudFormaton parameter to require e minimum length, uppercase and lowercase letters and special characters Configure me application to retrieve the secret from AWS Secrets Manager to access the database
C . Use the AWS SSM Parameter resource Accept input as a Qoudformatton parameter to store the parameter as a secure sting Configure the application to retrieve the parameter from AWS Systems Manager Parameter Store to access the database
D . Use the AWS SSM Parameter resource Accept input as a Cloudf ormetton parameter to store the parameter as a string Configure the application to retrieve the parameter from AWS Systems Manager Parameter Store to access the database

View Answer

Answer: A

Explanation:

Step-by-Step

Understand the Problem:

Manage a database password securely and rotate it every 90 days.

Analyze the Requirements:

Ensure secure management and automatic rotation of the database password. Minimize manual intervention and risk of exposing the password.

Evaluate the Options:

Option A: Use the AWS SecretsManager Secret resource with the GenerateSecretString property.

Secrets Manager can automatically generate a strong password.

The RotationSchedule resource defines a rotation schedule to rotate the password every 90 days.

Option B: Use the AWS SecretsManager Secret resource with the SecretString property.

Requires accepting a password as a CloudFormation parameter and does not automate password generation.

Option C: Use the AWS SSM Parameter resource.

AWS Systems Manager Parameter Store can store secure strings, but it does not support automatic rotation.

Option D: Use the AWS SSM Parameter resource without secure string.

This option does not offer the security of Secrets Manager and does not support automatic rotation.

Select the Best Solution:

Option A: Using AWS Secrets Manager with the GenerateSecretString property and RotationSchedule resource ensures secure management and automatic rotation of the database password.

Reference: AWS Secrets Manager

Rotate AWS Secrets Manager Secrets

AWS Secrets Manager provides secure storage, automatic rotation, and seamless integration with applications for accessing secrets.