Which solution will meet these requirements?
Store the credentials in AWS Key Management Service (AWS KMS). Create keys in AWS KMS. Configure the application to load the database credentials from AWS KMS. Enable automatic key rotation.
Store the credentials in encrypted local storage. Configure the application to load the database credentials from the local storage. Set up a credentials rotation schedule by creating a cron job.
Store the credentials in AWS Secrets Manager. Configure the application to load the database credentials from Secrets Manager. Set up a credentials rotation schedule by creating an AWS Lambda function for Secrets Manager.
Store the credentials in AWS Systems Manager Parameter Store. Configure the application to load the database credentials from Parameter Store. Set up a credentials rotation schedule in the RDS for MySQL database by using Parameter Store.
Explanations:
AWS KMS is primarily used for managing encryption keys, not for storing and managing database credentials directly. It does not provide credential rotation features natively. Using KMS would require additional implementation effort for credential management, which does not align with the requirement for minimal programming effort.
Storing credentials in encrypted local storage may provide some level of security, but it introduces risks related to local storage management and access control. Additionally, managing a cron job for credential rotation increases programming effort and complexity, which does not meet the requirement for minimal effort.
AWS Secrets Manager is specifically designed for securely storing and managing secrets, such as database credentials. It provides built-in capabilities for automatic credential rotation using AWS Lambda, significantly reducing programming effort and enhancing security. This solution aligns perfectly with the requirement to make the application more secure with minimal changes.
While AWS Systems Manager Parameter Store can store parameters securely, it does not offer the same robust secret management capabilities as AWS Secrets Manager, especially for credential rotation. Additionally, the rotation of credentials would need to be handled separately in RDS, complicating the process compared to Secrets Manager.