Which solution will meet these requirements?
Remove the user credentials from the Lambda environment. Implement IAM database authentication.
Move the user credentials from Lambda environment variables to AWS Systems Manager Parameter Store.
Move the user credentials from Lambda environment variables to AWS Key Management Service (AWS KMS).
Move the user credentials from the Lambda environment to an encrypted .txt file. Store the file in an S3 bucket.
Explanations:
IAM database authentication is typically used for authenticating to databases (like RDS) and does not apply to transferring files to an SFTP server. Removing the credentials without replacing them with a valid method of accessing the SFTP server does not solve the issue.
AWS Systems Manager Parameter Store can securely store configuration data, including sensitive information like usernames and passwords. Parameter Store supports encryption, allowing for safe storage of credentials while enabling easy retrieval in the Lambda function.
AWS Key Management Service (AWS KMS) is used for managing encryption keys but does not directly store data such as usernames and passwords. While you can encrypt data with KMS, you would still need to store the actual credentials elsewhere, making this option less straightforward.
Storing credentials in an encrypted .txt file in S3 is not a best practice. It requires additional management of the file, including access permissions and key management for encryption. This method is less secure compared to using dedicated services like Parameter Store.