What is the MOST operationally efficient solution that meets these requirements?
Use an AWS Lambda function as a CloudFormation custom resource to generate and rotate the password.
Use an AWS Systems Manager Parameter Store resource with the SecureString data type to generate and rotate the password.
Use a cron daemon on the application’s host to generate and relate the password.
Use an AWS Secrets Manager resource to generate and rotate the password.
Explanations:
Using an AWS Lambda function as a custom resource is complex and requires additional setup for password generation and rotation. This solution is less operationally efficient compared to other options.
AWS Systems Manager Parameter Store with SecureString data type can store the password securely but does not support automatic rotation out of the box without custom solutions.
Using a cron daemon on the application’s host is not an AWS-native solution and introduces complexity in maintaining the rotation process. It is also prone to errors and does not leverage AWS managed services for security.
AWS Secrets Manager is the most operationally efficient solution as it can securely generate, store, and automatically rotate the database password without requiring application changes.