Which solution meets these requirements?
Store the database user credentials in AWS Secrets Manager. Grant the necessary IAM permissions to allow the web servers to access AWS Secrets Manager.
Store the database user credentials in AWS Systems Manager OpsCenter. Grant the necessary IAM permissions to allow the web servers to access OpsCenter.
Store the database user credentials in a secure Amazon S3 bucket. Grant the necessary IAM permissions to allow the web servers to retrieve credentials and access the database.
Store the database user credentials in files encrypted with AWS Key Management Service (AWS KMS) on the web server file system. The web server should be able to decrypt the files and access the database.
Explanations:
AWS Secrets Manager is designed to securely store and manage access to sensitive information, including database credentials. It supports automatic credential rotation and allows you to grant IAM permissions to your web servers for secure access, meeting both security and rotation requirements.
AWS Systems Manager OpsCenter is used for operational issues and incident management, not for storing credentials. It does not provide a secure method for rotating database credentials, making it unsuitable for this use case.
Storing credentials in an Amazon S3 bucket requires additional security measures, such as bucket policies and encryption. While S3 can be secured, it is not specifically designed for managing sensitive information like database credentials, and does not support automated credential rotation.
While encrypting files with AWS KMS provides a level of security, managing credentials on the web server file system can lead to potential vulnerabilities. This method lacks automation for credential rotation and can complicate credential management, making it less secure than using a dedicated service like Secrets Manager.
I systematize that the answer is:
Store the database user credentials in AWS Secrets Manager. Grant the necessary IAM permissions to allow the web servers to access AWS Secrets Manager.
I suspect that the answer is:
Store the database user credentials in AWS Secrets Manager. Grant the necessary IAM permissions to allow the web servers to access AWS Secrets Manager.