Answer: A and C
Option A is CORRECT because exponential back-off implements retry functionality in the application.
Option B is incorrect because the issues described in the question occur when Single-User Rotation is configured.
Option C is CORRECT because enabling multi-user rotation can solve this issue.
Option D is incorrect because the issue is not with permissions since it occurs intermittently.
Option E is incorrect because it does not help to resolve the intermittent sign-in issue.
When using “Single-User Rotation” mode in AWS Secrets Manager, Secrets Manager uses a single user to rotate its own credentials. Sign-in failures can occur between the moment when the old password is removed by the rotation and the moment when the updated password is made accessible as a new version of the secret. This time window should be very short, but it can happen.
There are two ways to avoid this issue:
1. The application can implement retry with an exponential back-off strategy. Thus, the application would retry sign-in several times over a longer time period. A failure should be reported only after repeated sign-in failures.
2. Multi-User Rotation can be enabled. In this scenario, separate “master” user credentials are used for secret rotation. The old version of the secret continues to operate and handle service requests while the new version is prepared and tested. The old version isn't deleted until after the clients switch to the new version. There's no downtime while changing between versions.
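The first approach, as an added Python example that is not from the original page or from AWS: the client re-reads the secret on every attempt and backs off with full jitter, so a sign-in rejected during the rotation window succeeds once the new version is readable. The names `AuthError`, `connect_with_backoff`, `fetch_secret`, `connect` and `simulate_rotation_window` are hypothetical; in a real application `fetch_secret` is assumed to wrap a Secrets Manager `GetSecretValue` call.

```python
import random
import time


class AuthError(Exception):
    """Raised by the (hypothetical) connect callable when sign-in is rejected."""


def connect_with_backoff(fetch_secret, connect, max_attempts=5,
                         base_delay=0.2, max_delay=5.0, sleep=time.sleep):
    """Sign in with the current secret; on rejection, re-read it and retry.

    fetch_secret returns the current password (assumed GetSecretValue wrapper);
    connect raises AuthError when the database rejects the password.
    Returns (session, attempts_used).
    """
    for attempt in range(1, max_attempts + 1):
        creds = fetch_secret()  # never reuse a cached password across retries
        try:
            return connect(creds), attempt
        except AuthError:
            if attempt == max_attempts:
                raise  # report failure only after repeated sign-in failures
            # Full jitter: random sleep in [0, min(max_delay, base * 2^(n-1))]
            cap = min(max_delay, base_delay * 2 ** (attempt - 1))
            sleep(random.uniform(0, cap))


def simulate_rotation_window(stale_reads=2):
    """Constructed scenario: the database already requires the new password,
    but the secret still returns the old one for the first `stale_reads` reads."""
    reads = {"n": 0}

    def fetch_secret():
        reads["n"] += 1
        return "old-pw" if reads["n"] <= stale_reads else "new-pw"

    def connect(password):
        if password != "new-pw":
            raise AuthError("password rejected")
        return "session"

    delays = []  # record the back-off delays instead of really sleeping
    result = connect_with_backoff(fetch_secret, connect, sleep=delays.append)
    return result, delays


if __name__ == "__main__":
    print(simulate_rotation_window())
```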
Reference:
https://docs.aws.amazon.com/secretsmanager/latest/userguide/enable-rotation-rds.html
https://aws.amazon.com/blogs/architecture/exponential-backoff-and-jitter/