Which solution will meet this requirement with the LEAST administrative overhead?
Create a new AWS Lambda function to manage the password rotation. Turn on automatic password rotation in Secrets Manager. Associate the rotation with the Lambda function.
Turn on automatic password rotation in Secrets Manager. Configure Secrets Manager to create a new AWS Lambda function to manage the password rotation.
Use the SecretsManagerRotationTemplate from the AWS Serverless Application Model (AWS SAM) to create a new AWS Lambda function. Change the vpc-config option of the Lambda function to include the subnet IDs when Amazon DocumentDB is hosted.
Use the SecretsManagerRotationTemplate from the AWS Serverlss Application Model (AWS SAM) to create three new AWS Lambda functions: createSecret, setSecret, and testSecret. Change the vpc-config option of all three Lambda functions to include the subnet IDs where Amazon DocumentDB is hosted.
Explanations:
This option requires creating a new Lambda function manually, which involves more administrative overhead. While it can work, it is not the least overhead solution because it requires custom implementation and management.
This option allows AWS Secrets Manager to automatically create a Lambda function for password rotation, significantly reducing administrative overhead. This approach leverages built-in AWS capabilities, minimizing manual management.
Although this option uses the AWS SAM template, it still requires the user to create a Lambda function and manage its VPC configuration. This adds complexity and administrative overhead compared to automatic management by Secrets Manager.
This option is more complex as it involves creating three separate Lambda functions and managing their VPC configurations. This increases administrative overhead significantly, making it less desirable than the correct option.
I would say the answer is:
Turn on automatic password rotation in Secrets Manager. Configure Secrets Manager to create a new AWS Lambda function to manage the password rotation.
I weigh that the answer is:
Turn on automatic password rotation in Secrets Manager. Configure Secrets Manager to create a new AWS Lambda function to manage the password rotation.