Which solution will meet these requirements?
Store the database credentials as environment variables for the Lambda function. Set the environment variables to rotate automatically.
Store the database credentials in AWS Secrets Manager. Set up managed rotation on the database credentials.
Store the database credentials in AWS Systems Manager Parameter Store as secure string parameters. Set up managed rotation on the parameters.
Store the database credentials in the X-Amz-Security-Token parameter. Set up managed rotation on the parameter.
Explanations:
Storing database credentials as environment variables does not provide automatic rotation, and sensitive information in environment variables is not encrypted at rest.
AWS Secrets Manager allows secure storage of credentials, encrypts them at rest, and supports automatic rotation, meeting both encryption and rotation requirements.
AWS Systems Manager Parameter Store supports encrypted storage but does not offer automatic credential rotation like Secrets Manager.
X-Amz-Security-Token is related to temporary security credentials, not for storing database credentials, and does not support automatic rotation.