An application uses an Amazon RDS MySQL database. The security team requires that all database connections use SSL/TLS encryption in transit. How can a solutions architect enforce this requirement?

Answer options:

Modify the RDS instance to use a custom KMS key.

Configure the database parameter group to set the 'require_secure_transport' parameter to ON.

Attach an IAM policy to the RDS instance denying non-SSL connections.

Update the security group to only allow traffic on port 443.

How to approach this question

Understand how RDS engines enforce SSL. For MySQL and PostgreSQL, this is done via parameter groups.

B.Configure the database parameter group to set the 'require_secure_transport' parameter to ON.✓ Correct

Configure the database parameter group to set the 'require_secure_transport' parameter to ON.

To enforce SSL connections to an RDS MySQL DB instance, you use the require_secure_transport parameter in the DB parameter group.

Thinking security groups or IAM can inspect and enforce SSL on the database protocol level.

65 questions · hints · full answers · grading