A database specialist has configured IAM authentication on an Amazon RDS for MySQL database instance.
A user is trying to connect to the database.
What does the user need to do in order to authenticate and access the database?
Click on the arrows to vote for the correct answer
A. B. C. D.Answer: A.
Option A is CORRECT because the user must use an authentication token to access Amazon RDS database instances when IAM authentication is configured.
To generate a temporary authentication token, aws rds generate-db-auth-token CLI command can be used.
Option B is incorrect because AWS STS is used to generate temporary authentication tokens to provide users access to AWS services and resources.
It is not used when accessing AWS RDS databases.
Option C is incorrect because access key id and secret access key are not used when accessing Amazon RDS database instances.
Option D is incorrect because users do not have traditional database credentials when accessing the AWS RDS database using IAM authentication.
Instead, a user must generate a temporary authentication token.
Reference:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.Connecting.AWSCLI.htmlThe correct answer is A. Generate an authentication token using aws rds generate-db-auth-token CLI command.
Explanation:
When IAM authentication is enabled for an Amazon RDS for MySQL instance, database users must generate authentication tokens in order to connect to the database. Authentication tokens are temporary credentials that provide access to the database.
Option B, generating an authentication token using AWS STS service, is incorrect because STS (Security Token Service) is not used for generating authentication tokens for Amazon RDS instances.
Option C, configuring AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables in their local environment, is incorrect because IAM authentication for Amazon RDS does not use access keys like standard AWS API calls do.
Option D, configuring their database user ID and password in their local environment, is also incorrect because IAM authentication for Amazon RDS does not use database user IDs and passwords.
Therefore, the correct answer is A, the user needs to generate an authentication token using the aws rds generate-db-auth-token CLI command in order to authenticate and access the database. The user can then use the generated token as a password when connecting to the database.