Design for New Solutions III
Prepare yourself for the AWS Certified Solutions Architect Professional (SAP-C02) exam with advanced questions on serverless scaling, database connection management, event-driven architectures, resilient microservices, and secure multi-account data lake design.
We'll cover the following...
Question 31
A new serverless application uses Lambda functions to access an Amazon Aurora database. Database credentials must rotate automatically, and bursts of Lambda invocations must not exhaust database connections. Which pattern should the solutions architect choose?
A. Store the database username and password in Lambda environment variables encrypted with AWS KMS, rotate them by redeploying the function, and increase the database max_connections setting.
B. Store credentials as Parameter Store SecureString parameters, let each Lambda invocation connect directly to Amazon Aurora, and rely on Lambda retries to recover from connection failures.
C. Package static database credentials in a Lambda layer and use long-term IAM user access keys to authenticate deployment and database access.
D. Store database credentials in AWS Secrets Manager with automatic rotation, configure Amazon RDS Proxy to use the secret and pool connections, grant the Lambda execution role least-privilege access to the proxy, and required secretsmanager:GetSecretValue and kms:Decrypt permissions, and restrict traffic with VPC security groups.