🔥 3-day streak
AWS Certified DevOps Engineer - Professional185 / 204
Question 185 of 204

A company stores database credentials in AWS Secrets Manager in a central security account (Account A). Application workloads running in a separate workload account (Account B) must retrieve these credentials at runtime. The security team requires that the secret be encrypted with a customer managed KMS key and that credentials automatically rotate every 30 days. After configuring cross-account IAM roles in Account B, the applications receive an AccessDeniedException when calling GetSecretValue. What combination of configurations is required to resolve the access issue while meeting the requirements?

Reviewed for accuracy · Report an issueNext question