Which solution will meet these requirements?
Use an AWS Key Management Service (AWS KMS) key to encrypt the most recent database backup. Restore the backup as a new database to activate encryption.
Store the source code to access the credentials in an AWS Systems Manager Parameter Store secure string parameter that is encrypted by AWS Key Management Service (AWS KMS). Access the code with calls to Systems Manager.
Store the credentials in an AWS Systems Manager Parameter Store secure string parameter that is encrypted by AWS Key Management Service (AWS KMS). Access the credentials with calls to Systems Manager.
Use an AWS Key Management Service (AWS KMS) key to encrypt the DB instance at rest. Activate RDS encryption in transit by using SSL certificates.
Explanations:
Encrypting the database backup and restoring it as a new database does not directly address the issue of hardcoded credentials in the source code. The solution focuses on encryption at rest and does not manage credentials.
Storing the source code in AWS Systems Manager Parameter Store secure string is a good practice for secure access, but the source code itself should not directly contain access to the credentials. This option is focused on the source code rather than the credentials themselves.
Storing the database credentials in an AWS Systems Manager Parameter Store secure string encrypted by AWS KMS ensures the credentials are stored securely and can be retrieved programmatically, without exposing them in the source code.
Encrypting the DB instance at rest and in transit with SSL certificates addresses database encryption but does not resolve the issue of hardcoded credentials in the source code. It focuses on the database’s encryption rather than securing the credentials.