Which solution will meet these requirements?
Use IAM database authentication for Aurora to enable secure database connections for all the Lambda functions.
Store the credentials and read the credentials from an encrypted Amazon RDS DB instance.
Store the credentials in AWS Systems Manager Parameter Store as a secure string parameter.
Use Lambda environment variables with a shared AWS Key Management Service (AWS KMS) key for encryption.
Explanations:
IAM database authentication allows Lambda functions to connect to Aurora without using a traditional database password, enhancing security, but it does not provide a single encrypted connection string that is securely stored and managed. Each function would still need to implement IAM authentication separately.
Storing credentials in an encrypted Amazon RDS DB instance is not a valid solution as it implies storing the database connection string within the database itself. This does not comply with the requirement for a single securely encrypted connection string accessible to the Lambda functions.
Storing the database credentials in AWS Systems Manager Parameter Store as a secure string parameter allows for a single, securely encrypted connection string to be used by all Lambda functions. Parameter Store provides a centralized and encrypted way to manage sensitive information, complying with the information security policy.
While Lambda environment variables can be encrypted with AWS KMS, using them would mean managing different environment variables for each Lambda function. This approach does not provide a centralized solution for a single encrypted database connection string, violating the requirement for consistency across all Lambda functions.
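A sketch of the Parameter Store option as it would look inside a Lambda function, added here as an example and not part of the original question: each function reads the same SecureString parameter with decryption and caches it for the life of the execution environment. The parameter name, the sample connection string, the 300-second TTL and the StubSSM stand-in are assumptions made for illustration.

```python
import time

PARAM_NAME = "/example/shared/db-connection-string"  # hypothetical parameter name


class ConnectionStringProvider:
    """Fetches one SecureString parameter and caches the decrypted value."""

    def __init__(self, ssm_client, name=PARAM_NAME, ttl=300, clock=time.monotonic):
        self._ssm, self._name, self._ttl, self._clock = ssm_client, name, ttl, clock
        self._value, self._expires = None, 0.0

    def get(self):
        now = self._clock()
        if self._value is not None and now < self._expires:
            return self._value  # warm invocation: no SSM or KMS call
        # The execution role needs ssm:GetParameter on the parameter and
        # kms:Decrypt on the key that encrypts it.
        resp = self._ssm.get_parameter(Name=self._name, WithDecryption=True)
        param = resp["Parameter"]
        if param.get("Type") != "SecureString":
            # A plain String parameter means the secret is stored unencrypted.
            raise ValueError(f"{self._name} is {param.get('Type')}, expected SecureString")
        self._value, self._expires = param["Value"], now + self._ttl
        return self._value


class StubSSM:
    """Constructed stand-in for boto3.client('ssm') so the example runs offline."""

    def __init__(self, ptype="SecureString", value="Server=db.example.internal;Database=app"):
        self.ptype, self.value, self.calls = ptype, value, 0

    def get_parameter(self, Name, WithDecryption=False):
        self.calls += 1
        value = self.value if WithDecryption else "<ciphertext>"
        return {"Parameter": {"Name": Name, "Type": self.ptype, "Value": value}}


_provider = None  # created once per execution environment, reused across invocations


def handler(event, context):
    global _provider
    if _provider is None:
        import boto3  # imported lazily; only needed inside Lambda
        _provider = ConnectionStringProvider(boto3.client("ssm"))
    conn = _provider.get()
    # Use conn to open the database connection; never log or return it.
    return {"statusCode": 200, "connection_string_loaded": bool(conn)}
```
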