Which solution will meet these requirements with the LEAST operational overhead?
Convert the database to Amazon DynamoDB by using the AWS Schema Conversion Tool (AWS SCT). Store the password in AWS Systems Manager Parameter Store. Create an Amazon CloudWatch alarm to invoke an AWS Lambda function for yearly password rotation.
Migrate the database to Amazon RDS for Oracle. Store the password in AWS Secrets Manager. Turn on automatic rotation. Configure a yearly rotation schedule.
Migrate the database to an Amazon EC2 instance. Use AWS Systems Manager Parameter Store to keep and rotate the connection string by using an AWS Lambda function on a yearly schedule.
Migrate the database to Amazon Neptune by using the AWS Schema Conversion Tool (AWS SCT). Create an Amazon CloudWatch alarm to invoke an AWS Lambda function for yearly password rotation.
Explanations:
Converting the database to Amazon DynamoDB is a significant change, as it requires schema conversion and may not support all features of Oracle DB. Additionally, managing password rotation with a CloudWatch alarm and Lambda adds unnecessary complexity compared to other options.
Migrating to Amazon RDS for Oracle allows the company to leverage managed services, including automatic password rotation using AWS Secrets Manager. This meets the security requirement with minimal operational overhead, as RDS handles routine tasks such as backups and patching.
While migrating to an EC2 instance allows for manual control over the database, it increases operational overhead due to the need for managing the underlying infrastructure and scheduling password rotation with Lambda. This is less efficient than using a managed service.
Migrating to Amazon Neptune requires another significant change, as Neptune is a graph database service, which may not be suitable for the current relational database structure. Also, password rotation would still need to be managed externally, adding operational complexity.