Which solution meets these requirements?

Explanations:

AWS Systems Manager Parameter Store can securely store parameters but does not natively provide automatic credential rotation. It requires additional configuration to rotate credentials and does not offer the same level of automated management as AWS Secrets Manager.

AWS Secrets Manager is specifically designed for storing and managing sensitive information like database credentials. It provides built-in support for automatic credential rotation, ensuring that credentials are regularly updated and secured. It also supports encryption in transit and at rest.

Storing database credentials in an Amazon S3 bucket, even with server-side encryption, is not ideal for sensitive credentials management. S3 is not designed for automatic credential rotation, and while IAM database authentication is a method of controlling access, it does not provide the same level of automated management for credentials as Secrets Manager.

Storing credentials in S3 Glacier is not appropriate for active credential management. S3 Glacier is designed for archival storage and does not support automatic credential rotation. While a Lambda function could be set up to rotate credentials, the overall solution would be cumbersome and not secure for sensitive credentials compared to AWS Secrets Manager.