ExpertMinds LogoExpertMinds
Medium1 markMultiple Choice
Domain 1.1: Secure AccessDomain 1SecurityRDSIAM

AWS SAA-C03 · Question 05 · Domain 1.1: Secure Access

A company is hosting a web application on Amazon EC2 instances. The application connects to an Amazon RDS for MySQL database. The security team mandates that database credentials must not be stored in the application code or configuration files. Which solution meets this requirement with the LEAST operational overhead?

Answer options:

A.

Store the database credentials in an encrypted Amazon S3 bucket and retrieve them at runtime.

B.

Enable IAM DB authentication on the RDS instance and attach an IAM role to the EC2 instances.

C.

Use AWS KMS to encrypt the database password and store the ciphertext in the application code.

D.

Store the credentials in AWS Systems Manager Parameter Store as a SecureString.

How to approach this question

Look for native AWS integrations that eliminate passwords entirely. IAM DB authentication is the best fit for RDS MySQL/PostgreSQL.

Full Answer

B.Enable IAM DB authentication on the RDS instance and attach an IAM role to the EC2 instances.✓ Correct
Enable IAM DB authentication on the RDS instance and attach an IAM role to the EC2 instances.
With IAM database authentication, you don't need to use a password when you connect to a DB instance. Instead, you use an authentication token. This allows you to centrally manage database access using IAM and eliminates the need to store passwords.

Common mistakes

Choosing Parameter Store or Secrets Manager when IAM DB authentication is an option, as IAM DB auth requires zero password management.
04All questions06

Practice the full AWS SAA-C03 Practice Exam 1

65 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01A company has multiple AWS accounts in an AWS Organizations organization. The security team wants...MediumQ02A solutions architect is designing an application that will run on Amazon EC2 instances. The appl...EasyQ03A company wants to implement a federated identity solution for its employees to access the AWS Ma...MediumQ04A mobile application needs to access Amazon DynamoDB directly to read user-specific data. The app...HardQ06A solutions architect is reviewing the security of an AWS account. The architect notices that the...Easy
View all 65 questions →