What should a solutions architect do to satisfy the security requirements?

By:
In: SAA-C03
Tagged:
With: 1 Comment
To meet security requirements, a company needs to encrypt all of its application data in transit while communicating with an Amazon RDS MySQL DB instance.A recent security audit revealed that encryption at rest is enabled using AWS Key Management Service (AWS KMS), but data in transit is not enabled.

What should a solutions architect do to satisfy the security requirements?

Enable IAM database authentication on the database.

Provide self-signed certificates. Use the certificates in all connections to the RDS instance.

Take a snapshot of the RDS instance. Restore the snapshot to a new instance with encryption enabled.

Download AWS-provided root certificates. Provide the certificates in all connections to the RDS instance.

Explanations:

IAM database authentication is used for authentication purposes, not for encryption in transit. This option does not address the requirement of encrypting data in transit.

Providing self-signed certificates for encryption is not recommended for production environments because it lacks trust and scalability. AWS provides managed certificates for this purpose.

Taking a snapshot and restoring it with encryption enabled is only related to encryption at rest, not encryption in transit. It does not solve the requirement for encrypting data in transit.

Downloading AWS-provided root certificates and using them in all connections ensures that the connection to the RDS instance is encrypted in transit using SSL/TLS, which meets the security requirements.

2025-10-20

1 Comment

  1. Arthur
    Author

    My best guess is:
    Download AWS-provided root certificates. Provide the certificates in all connections to the RDS instance.

Leave a Reply

Your email address will not be published. Required fields are marked *

1 × 1 =