What is the MOST likely cause of the authentication errors?

By:
In: SCS-C01
Tagged:
With: 1 Comment
A company’s database developer has just migrated an Amazon RDS database credential to be stored and managed by AWS Secrets Manager.The developer has also enabled rotation of the credential within the Secrets Manager console and set the rotation to change every 30 days.After a short period of time, a number of existing applications have failed with authentication errors.

What is the MOST likely cause of the authentication errors?

Migrating the credential to RDS requires that all access come through requests to the Secrets Manager.

Enabling rotation in Secrets Manager causes the secret to rotate immediately, and the applications are using the earlier credential.

The Secrets Manager IAM policy does not allow access to the RDS database.

The Secrets Manager IAM policy does not allow access for the applications.

Explanations:

Secrets Manager manages the secret but does not enforce database access to occur exclusively through it.

Enabling rotation immediately generates a new secret, and applications still using the old credential would fail.

The IAM policy for Secrets Manager does not control access to the RDS database itself.

This IAM policy issue would prevent applications from retrieving the secret, but not cause authentication errors if they have the previous credentials.

2025-10-06

1 Comment

  1. Alexis
    Author

    I figure that the answer is:
    Enabling rotation in Secrets Manager causes the secret to rotate immediately, and the applications are using the earlier credential.

Leave a Reply

Your email address will not be published. Required fields are marked *

five × 5 =