A developer is migrating code to an AWS Lambda function that will an Amazon Aurora MySQL database.
What is the MOST secure way to authenticate the function to the database?
A. Store the database credentials as encrypted parameters in AWS Systems Manager Parameters Store. Obtain the credentials from Systems Manager when the Lambda function needs to connect to the database.
B. Store the database credentials in AWS Secrets Manager. Let Secrets Manager handle the rotation of the credentials, as required.
C. Store the database credentials in an Amazon S3 bucket that has a restrictive bucket policy for the Lambda role when accessing the credentials. Use AWS KMS to encrypt the data.
D. Create a policy with rds-db:connect access to the database and attach it to the role assigned to the Lambda function.
What is the MOST secure way to authenticate the function to the database?
A. Store the database credentials as encrypted parameters in AWS Systems Manager Parameters Store. Obtain the credentials from Systems Manager when the Lambda function needs to connect to the database.
B. Store the database credentials in AWS Secrets Manager. Let Secrets Manager handle the rotation of the credentials, as required.
C. Store the database credentials in an Amazon S3 bucket that has a restrictive bucket policy for the Lambda role when accessing the credentials. Use AWS KMS to encrypt the data.
D. Create a policy with rds-db:connect access to the database and attach it to the role assigned to the Lambda function.