What should a solutions architect do to accomplish this goal?
Use AWS Secrets Manager. Turn on automatic rotation.
Use AWS Systems Manager Parameter Store. Turn on automatic rotation.
Create an Amazon S3 bucket to store objects that are encrypted with an AWS Key Management Service (AWS KMS) encryption key. Migrate the credential file to the S3 bucket. Point the application to the S3 bucket.
Create an encrypted Amazon Elastic Block Store (Amazon EBS) volume for each EC2 instance. Attach the new EBS volume to each EC2 instance. Migrate the credential file to the new EBS volume. Point the application to the new EBS volume.
Explanations:
AWS Secrets Manager is designed for managing, retrieving, and rotating database credentials securely. Using it would automate credential rotation and minimize management overhead.
AWS Systems Manager Parameter Store can store sensitive data, but it lacks native rotation for database credentials, making it less suitable for minimizing management overhead.
Storing credentials in an Amazon S3 bucket, even with encryption, is not recommended for managing database credentials, as it does not address rotation or secure credential management.
Using an encrypted Amazon EBS volume to store credentials does not simplify credential management or provide rotation capabilities, so it fails to minimize operational overhead.