ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Developer - Associate DVA-C02 All Questions

View all questions & answers for the AWS Certified Developer - Associate DVA-C02 exam
Go to Exam

Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 407 discussion

Exam question from Amazon's AWS Certified Developer - Associate DVA-C02
Question #: 407
Topic #: 1
[All AWS Certified Developer - Associate DVA-C02 Questions]

A company has an ecommerce web application that uses an on-premises MySQL database as a data store. The company migrates the on-premises MySQL database to Amazon RDS for MySQL.

A developer needs to configure the application's access to the RDS for MySQL database. The developer's solution must not use long term credentials.

Which solution will meet these requirements?

  • A. Enable IAM database authentication on the RDS for MySQL DB instance. Create an IAM role that has the minimum required permissions. Assign the role to the application.
  • B. Store the MySQL credentials as secrets in AWS Secrets Manager. Create an IAM role that has the minimum required permissions to retrieve the secrets. Assign the role to the application.
  • C. Configure the MySQL credentials as environment variables that are available at runtime for the application.
  • D. Store the MySQL credentials as SecureString parameters in AWS Systems Manager Parameter Store. Create an IAM role that has the minimum required permissions to retrieve the parameters. Assign the role to the application.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by ahadh7621 at July 21, 2024, 3:11 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ahadh7621
Highly Voted 11 months, 3 weeks ago
Selected Answer: B
B. "The developer's solution must not use long term credentials" implies that the credentials will be rotated, which SecretsManager supports.
upvoted 5 times
wh1t4k3r
10 months, 1 week ago
No, it does not imply that. "needs the credentials to be rotated every X period of time" would imply that. The question Implies that you need to use something like a auth token, which is exactly what IAM db authentication does.
upvoted 4 times
...
...
ShakthiGCP
Most Recent 7 months, 3 weeks ago
Selected Answer: A
Answer is A
upvoted 1 times
...
MasoudK
8 months, 1 week ago
A. AWS Secrets Manager can store and manage database credentials, and it can automatically rotate these credentials. However, the credentials stored in Secrets Manager are still considered long-term credentials because they exist for a period of time until they are rotated. • IAM Database Authentication: This method allows you to use IAM roles and policies to manage access to the RDS instance. It uses temporary security credentials provided by IAM roles, which are short-lived and automatically rotated.
upvoted 2 times
...
albert_kuo
9 months, 1 week ago
Selected Answer: A
aws rds modify-db-instance \ --db-instance-identifier mydbinstance \ --enable-iam-database-authentication \ --apply-immediately { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "rds-db:connect", "Resource": "arn:aws:rds-db:us-west-2:123456789012:dbuser:db-ABCDEFGHIJKLMNOPQRSTUVWX/db_user" } ] }
upvoted 1 times
albert_kuo
9 months, 1 week ago
import boto3 import pymysql # 創建一個 RDS 認證客戶端 rds_client = boto3.client('rds') # 獲取臨時憑證 token = rds_client.generate_db_auth_token(DBHostname='your-db-hostname', Port=3306, DBUsername='your-db-username', Region='us-west-2') # 使用 PyMySQL 連接資料庫 connection = pymysql.connect(host='your-db-hostname', user='your-db-username', passwd=token, port=3306, ssl={'ca': '/path/rds-combined-ca-bundle.pem'})
upvoted 1 times
...
...
wh1t4k3r
10 months, 1 week ago
Selected Answer: A
User/pass is a long term credential. IAM db auth allows connection to the database without user/pass, which solves the problem.
upvoted 2 times
...
siheom
10 months, 1 week ago
Selected Answer: A
VOTE A
upvoted 1 times
...
minime
10 months, 2 weeks ago
A. "Amazon RDS for MySQL can use AWS Identity and Access Management (IAM) database authentication to allow users to connect to a DB instance without a password. Instead, users can use an authentication token, which is a unique string of characters generated by Amazon RDS on request. Each token is valid for 15 minutes and is generated using AWS Signature Version 4."
upvoted 2 times
...
albert_kuo
11 months, 2 weeks ago
Selected Answer: A
A. Enable IAM database authentication on the RDS for MySQL DB instance. Create an IAM role that has the minimum required permissions. Assign the role to the application.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel