What is the MOST operationally efficient solution that meets these requirements?

By:
In: DVA-C01
Tagged:
With: 1 Comment
A company is using AWS CloudFormation to deploy a two-tier application.The application will use Amazon RDS as its backend database.The company wants a solution that will randomly generate the database password during deployment.The solution also must automatically rotate the database password without requiring changes to the application.

What is the MOST operationally efficient solution that meets these requirements?

Use an AWS Lambda function as a CloudFormation custom resource to generate and rotate the password.

Use an AWS Systems Manager Parameter Store resource with the SecureString data type to generate and rotate the password.

Use a cron daemon on the application’s host to generate and relate the password.

Use an AWS Secrets Manager resource to generate and rotate the password.

Explanations:

Using an AWS Lambda function as a custom resource is complex and requires additional setup for password generation and rotation. This solution is less operationally efficient compared to other options.

AWS Systems Manager Parameter Store with SecureString data type can store the password securely but does not support automatic rotation out of the box without custom solutions.

Using a cron daemon on the application’s host is not an AWS-native solution and introduces complexity in maintaining the rotation process. It is also prone to errors and does not leverage AWS managed services for security.

AWS Secrets Manager is the most operationally efficient solution as it can securely generate, store, and automatically rotate the database password without requiring application changes.

2025-10-02

1 Comment

  1. Elijah
    Author

    I categorize that the answer is:
    Use an AWS Secrets Manager resource to generate and rotate the password.

Leave a Reply

Your email address will not be published. Required fields are marked *

twelve + 18 =