Which solution will meet these requirements?

By:
In: SAP-C01
Tagged:
With: 2 Comments
A solutions architect needs to improve an application that is hosted in the AWS Cloud.The application uses an Amazon Aurora MySQL DB instance that is experiencing overloaded connections.Most of the application’s operations insert records into the database.The application currently stores credentials in a text-based configuration file.The solutions architect needs to implement a solution so that the application can handle the current connection load.The solution must keep the credentials secure and must provide the ability to rotate the credentials automatically on a regular basis.

Which solution will meet these requirements?

Deploy an Amazon RDS Proxy layer in front of the DB instance. Store the connection credentials as a secret in AWS Secrets Manager.

Deploy an Amazon RDS Proxy layer in front of the DB instance. Store the connection credentials in AWS Systems Manager Parameter Store.

Create an Aurora Replica. Store the connection credentials as a secret in AWS Secrets Manager.

Create an Aurora Replica. Store the connection credentials in AWS Systems Manager Parameter Store.

Explanations:

Deploying an Amazon RDS Proxy in front of the Aurora MySQL DB instance helps manage connection pooling, thereby reducing the load on the database. Storing credentials in AWS Secrets Manager enhances security by encrypting credentials and allows for automatic rotation. This meets the requirement of handling connection loads while keeping credentials secure.

While using Amazon RDS Proxy improves connection handling, storing credentials in AWS Systems Manager Parameter Store does not provide automatic credential rotation like AWS Secrets Manager does. Therefore, it fails to meet the security requirement for rotating credentials.

Creating an Aurora Replica can help with read scaling but does not address the connection overload issue for write operations. Furthermore, storing credentials in AWS Secrets Manager alone does not improve the database’s ability to handle high connection loads, making this option inadequate.

Similar to option C, creating an Aurora Replica does not address the primary issue of overloaded connections for insert operations. While AWS Systems Manager Parameter Store can securely store credentials, it does not offer automatic credential rotation, which is a requirement. Hence, this option is not suitable.

2026-03-27

2 Comments

  1. Alan
    Author

    I calculate that the answer is:
    Deploy an Amazon RDS Proxy layer in front of the DB instance. Store the connection credentials as a secret in AWS Secrets Manager.

  2. Juan
    Author

    If memory serves me right, the answer is:
    Deploy an Amazon RDS Proxy layer in front of the DB instance. Store the connection credentials as a secret in AWS Secrets Manager.

Leave a Reply

Your email address will not be published. Required fields are marked *

seventeen + five =