A company wants to improve data security for their Amazon RDS instances. They need to ensure that database credentials are never hardcoded in applications and that access to the database is authenticated using IAM roles. Which TWO steps are required? (Select TWO)

Answer options:

Enable IAM database authentication on the RDS instance.

Store the database password in AWS Systems Manager Parameter Store.

Attach an IAM policy to the RDS instance allowing it to assume roles.

Use AWS KMS to encrypt the database connection.

Attach an IAM policy to the application's execution role granting the rds-db:connect action.

Configure AWS Secrets Manager to rotate the IAM role credentials.

How to approach this question

Identify the steps to configure IAM DB Authentication.

Full Answer

A, E

To use IAM database authentication, you must enable the feature on the RDS instance. Then, you attach an IAM policy to the application's role granting the 'rds-db:connect' action, allowing it to generate a temporary auth token.

Common mistakes

Thinking Secrets Manager is needed when IAM authentication is used.

Question 49 All questions Question 51

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 6

75 questions · hints · full answers · grading

More questions from this exam

Q01A global enterprise requires highly available hybrid connectivity between its on-premises data ce...Hard Q02An organization has 50 VPCs across two AWS Regions connected via Transit Gateways (TGW). The TGWs...Hard Q03A company uses AWS Organizations. The network team wants to share a central Transit Gateway (TGW)...Medium Q04An enterprise has on-premises data centers in the US and Europe. They want to use the AWS global ...Hard Q05A company requires that all API calls to Amazon S3 from their VPC must not traverse the public in...Medium

View all 75 questions →