Which solution meets these requirements?
Use AWS Systems Manager Parameter Store to store the database credentials. Configure automatic rotation of the credentials.
Use AWS Secrets Manager to store the database credentials. Configure automatic rotation of the credentials.
Store the database credentials in an Amazon S3 bucket that is configured with server-side encryption with S3 managed encryption keys (SSE-S3). Rotate the credentials with IAM database authentication.
Store the database credentials in Amazon S3 Glacier, and use S3 Glacier Vault Lock. Configure an AWS Lambda function to rotate credentials on a scheduled basis.
Explanations:
AWS Systems Manager Parameter Store can securely store parameters but does not natively provide automatic credential rotation. It requires additional configuration to rotate credentials and does not offer the same level of automated management as AWS Secrets Manager.
AWS Secrets Manager is specifically designed for storing and managing sensitive information like database credentials. It provides built-in support for automatic credential rotation, ensuring that credentials are regularly updated and secured. It also supports encryption in transit and at rest.
Storing database credentials in an Amazon S3 bucket, even with server-side encryption, is not ideal for managing sensitive credentials. S3 is not designed for automatic credential rotation, and while IAM database authentication is a method of controlling access, it does not provide the same level of automated management for credentials as Secrets Manager.
Storing credentials in S3 Glacier is not appropriate for active credential management. S3 Glacier is designed for archival storage and does not support automatic credential rotation. While a Lambda function could be set up to rotate credentials, the overall solution would be cumbersome and, compared to AWS Secrets Manager, not secure for sensitive credentials.