Which solution meets this requirement with the LEAST operational overhead?
A. Store the password in AWS Secrets Manager. Enable automatic rotation on the secret.
B. Store the password in AWS Systems Manager Parameter Store. Enable automatic rotation on the parameter.
C. Store the password in AWS Systems Manager Parameter Store. Write an AWS Lambda function that rotates the password.
D. Store the password in AWS Key Management Service (AWS KMS). Enable automatic rotation on the AWS KMS key.
Explanations:
A. Storing the password in AWS Secrets Manager allows for secure storage and management of sensitive information. By enabling automatic rotation, Secrets Manager handles the entire process of rotating the database password without requiring additional custom code or manual intervention, resulting in minimal operational overhead.
B. While AWS Systems Manager Parameter Store can securely store parameters, it does not have built-in support for automatic rotation of secrets. Users must implement a solution to manage the rotation themselves, which increases operational overhead.
C. Similar to option B, using Systems Manager Parameter Store requires a custom solution to rotate the password (in this case, an AWS Lambda function). This approach involves more complexity and operational overhead compared to using Secrets Manager’s built-in rotation feature.
D. AWS KMS is designed for managing encryption keys, not for storing or rotating passwords. Enabling automatic rotation on a KMS key does not apply to secrets or passwords; thus, this option is not suitable for the requirement of password rotation for databases.