jonsully1.dev

AWS Certifications Journey – RDS, Secrets Manager & RDS Proxy

John O'Sullivan
Senior Full Stack Engineer
& DevOps Practitioner

❓ Practice Question

A SysOps administrator is designing a solution for an Amazon RDS for PostgreSQL DB instance. Database credentials must be stored and rotated monthly. The applications that connect to the DB instance send write-intensive traffic with variable client connections that sometimes increase significantly in a short period of time.

Which solution should a SysOps administrator choose to meet these requirements?

A. Configure AWS Secrets Manager to automatically rotate the credentials for the DB instance. Use RDS read replicas to handle the increases in database connections.
B. Configure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instance. Use RDS read replicas to handle the increases in database connections.
C. Configure AWS Secrets Manager to automatically rotate the credentials for the DB instance. Use RDS Proxy to handle the increases in database connections.
D. Configure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instance. Use RDS Proxy to handle the increases in database connections.


✅ Correct Answer

C – Configure AWS Secrets Manager for credential rotation and use RDS Proxy to manage connection spikes.


🧠 Explanation

  1. Secrets Manager: Automatically rotates and securely stores database credentials (required for monthly rotation). KMS is for encryption keys, not credential management.
  2. RDS Proxy: Efficiently pools and scales database connections for write-intensive workloads with variable traffic. Read replicas are for read-heavy workloads, not connection scaling.

❌ Why the Other Answers Are Incorrect

  • A/B: Read replicas offload read traffic but don't solve connection scaling for write-heavy workloads.
  • D: KMS rotates encryption keys, not database credentials.

🧩 Memory Hook

"Secrets for credentials, Proxy for chaos."


🧾 Flashcard

Q: How to handle credential rotation and connection spikes for an RDS PostgreSQL DB?
A: Use Secrets Manager for credentials + RDS Proxy for connection pooling.


📎 Key Takeaways

  • Secrets Manager automates credential rotation; KMS is for keys.
  • RDS Proxy pools connections, ideal for unpredictable traffic.
  • Read replicas are for read scaling, not connection management.
