Which solution will meet these requirements?
Store the database credentials in AWS Secrets Manager. Turn on rotation. Write code in the Lambda function to retrieve the credentials from Secrets Manager.
Include the database credentials as part of the Lambda function code. Update the credentials periodically and deploy the new Lambda function.
Use Lambda environment variables. Update the environment variables when new credentials are available.
Store the database credentials in AWS Systems Manager Parameter Store. Turn on rotation. Write code in the Lambda function to retrieve the credentials from Systems Manager Parameter Store.
Explanations:
Storing the database credentials in AWS Secrets Manager with automatic rotation and retrieving the credentials in the Lambda function is a secure and scalable solution. Secrets Manager integrates with Lambda for seamless management of credentials, and turning on rotation ensures the credentials are updated automatically every 2 weeks.
Including the database credentials directly in the Lambda function code is insecure and inefficient. It requires manual updates to the Lambda function every time the credentials are rotated, leading to potential downtime or security risks.
Using Lambda environment variables to store database credentials is insecure, as environment variables are not encrypted by default. Even though environment variables can be updated, this approach lacks the automatic rotation feature required in the solution.
Storing credentials in AWS Systems Manager Parameter Store is an option, but it lacks the automatic rotation feature of Secrets Manager. While the Lambda function can retrieve credentials from Parameter Store, Parameter Store does not natively support credential rotation, so custom rotation logic would be required.