How should the developer configure the database credentials for this application?

Explanations:

While using AWS Systems Manager Parameter Store to store the database credentials is a valid approach, it does not inherently provide automatic credential rotation. The developer would need to implement a custom solution for rotating the credentials manually or through additional services.

IAM authentication allows users to connect to the database without using traditional credentials, but it does not automatically manage or rotate database user passwords. It requires that the developer set up IAM policies and roles, which might not meet the requirement of weekly credential rotation.

AWS Secrets Manager is designed for securely storing, managing, and automatically rotating database credentials. By creating a secret in Secrets Manager with daily rotation enabled, the application can access the updated credentials seamlessly, meeting the company’s requirement for weekly rotation.

Using EC2 user data to create a database user and providing the credentials through environment variables is not a secure practice. It exposes sensitive information and does not facilitate automated credential rotation, failing to meet the company’s security requirement.