Exam AWS Certified SysOps Administrator - Associate topic 1 question 108 discussion

It cannot be A or B as KMS cannot hold DB credentials, therefore must be Secrets Manager It cannot be D as the question states "Write intensive" so read only replicas cannot do this. Has to be C

I thinnk C is correct since we are talking about writing to the DB. It is indeed available: Amazon RDS Proxy is available for Amazon Aurora with MySQL compatibility, Amazon Aurora with PostgreSQL compatibility, Amazon RDS for MariaDB, Amazon RDS for MySQL, and Amazon RDS for PostgreSQL.

1. Credentials Management Why AWS Secrets Manager? AWS Secrets Manager is designed specifically to manage, store, and automatically rotate database credentials securely. It is the most suitable solution for the requirement to rotate credentials monthly for an Amazon RDS instance. AWS Key Management Service (KMS) is used for encrypting data, not managing database credentials. Thus, KMS does not meet the credentials rotation requirement. 2. Handling Write-Intensive Traffic and Connection Spikes Why RDS Proxy? RDS Proxy manages database connections efficiently by pooling and reusing connections, which is critical for applications with variable and spiking client connections. It helps in reducing the database's memory and CPU overhead, especially during sudden connection surges. Read replicas are useful for scaling read-only workloads, but they do not assist with write-intensive traffic or connection pooling.

C is correct option

C is correct

why not A : AWS KMS is used for encryption key management rather than credential rotation.

C is right

cccccccc

Ans: C

C. https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_turn-on-for-db.html

Secret Manager can rotate secret in database.

It’s A as Secrets Manager does not auto rotate credentials