You are using a configuration management system to manage your Amazon EC2 instances. On your Amazon EC2 Instances, you want to store credentials for connecting to an Amazon RDS MYSQL DB instance. How would you securely access these credentials when the number of connections per second is lesser than 500?

Answer options:

A.Give the Amazon EC2 instances an IAM role that allows read access to a private Amazon S3 bucket. Store a file with database credentials in the Amazon S3 bucket. Have your configuration management system pull the file from the bucket when it is needed.
B.Launch an Amazon EC2 instance and use the configuration management system to bootstrap the instance with the Amazon RDS DBcredentials. Create an AMI from this instance.
C.Store the Amazon RDS DB credentials in Amazon EC2 user data.Import the credentials into the Instance on boot.
D.Assign an IAM role to your Amazon EC2 instance, and use this IAM role to access the Amazon RDS DB from your Amazon EC2 instances.

Answer - D
When using IAM database authentication with Aurora MySQL, you are limited to a maximum of 500 new connections per second.
Refer to section "MySQL Limitations for IAM Database Authentication" on page 207 on the below link
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-ug.pdf#UsingWithRDS.IAMDBAuth
For more information, please refer to the below document link from AWS
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.IAMPolicy.html
You can use roles to delegate access to users, applications, or services that don`t normally have access to your AWS resources. For example, you might want to grant users in your AWS account access to resources they don`t usually have, or grant users in one AWS account access to resources in another account. Or you might want to allow a mobile app to use AWS resources, but not want to embed AWS keys within the app (where they can be difficult to rotate and where users can potentially extract them). Sometimes you want to give AWS access to users who already have identities defined outside of AWS, such as in your corporate directory. Or, you might want to grant access to your account to third parties so that they can perform an audit on your resources.
For more information on IAM Roles, please refer to the below document link: from AWS
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html