An application is deployed and running on an EC2 instance. The application uses Amazon RDS as a database. What is the secure method to authenticate to the Amazon RDS database from the EC2 application?

Answer options:

A.Store the access key ID and secret access key in the System Manager Parameter Store.
B.Use an IAM user and role, and generate an authentication token.
C.Embed database user id and password in the application source code.
D.Store credentials in the EC2 instance user data.

Answer: B
Option A is incorrect because access key ID and secret access key are not used to authenticate and access Amazon RDS databases.
Option B is CORRECT because Amazon RDS supports IAM authentication. This is done by creating an IAM user and role with access to the database and generating a temporary authentication token.
Option C is incorrect because embedding user id and password in the application source code is not a good security practice as they are in unencrypted form. Changing of user id or password requires code change.
Option D is incorrect because storing the credentials in EC2 instance user data is not a good security practice. They are stored unencrypted. Further, updating the user id or password requires stopping the EC2 instance.
Reference:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html