A company has a new application. The company needs to secure sensitive configuration data such as database connection strings, application license codes, and API keys that the application uses to access external resources. The company must track access to the configuration data for auditing purposes. The resources are managed outside the application.
The company is not required to manage rotation of the connection strings, license codes, and API keys in the application. The company must implement a solution to securely store the configuration data and to give the application access to the configuration data. The solution must comply with security best practices.
Which solution will meet these requirements MOST cost-effectively?

A. Store the configuration data in an encrypted file on the source code bundle. Grant the application access by using IAM policies.
B. Store the configuration data in AWS Systems Manager Parameter Store. Grant the application access by using IAM policies.
C. Store the configuration data on an Amazon Elastic Block Store (Amazon EBS) encrypted volume. Attach the EBS volume to an Amazon EC2 instance to provide the application with access to the data.
D. Store the configuration data in AWS Secrets Manager. Grant the application access by using IAM policies.