DVA-C02 · Question #151
A developer is setting up a deployment pipeline. The pipeline includes an AWS CodeBuild build stage that requires access to a database to run integration tests. The developer is using a buildspec.yml
The correct answer is C. Retrieve the credentials from an environment variable that is linked to an AWS Secrets Manager. "requires automatic rotation of all database credentials" => "Secrets Manager for automatic With the Systems Manager Parameter Store, you have to do that manually.
Question
A developer is setting up a deployment pipeline. The pipeline includes an AWS CodeBuild build stage that requires access to a database to run integration tests. The developer is using a buildspec.yml file to configure the database connection. Company policy requires automatic rotation of all database credentials. Which solution will handle the database credentials MOST securely?
Options
- ARetrieve the credentials from variables that are hardcoded in the buildspec.yml file. Configure an
- BRetrieve the credentials from an environment variable that is linked to a SecureString parameter
- CRetrieve the credentials from an environment variable that is linked to an AWS Secrets Manager
- DRetrieve the credentials from an environment variable that contains the connection string in
How the community answered
(26 responses)- A4% (1)
- B4% (1)
- C81% (21)
- D12% (3)
Explanation
"requires automatic rotation of all database credentials" => "Secrets Manager for automatic With the Systems Manager Parameter Store, you have to do that manually.
Community Discussion
No community discussion yet for this question.