A developer is migrating code to an AWS Lambda function that will an Amazon Aurora MySQL database.
What is the MOST secure way to authenticate the function to the database?
A . Store the database credentials as encrypted parameters in AWS Systems Manager Parameters Store. Obtain the credentials from Systems Manager when the Lambda function needs to connect to the database.
B . Store the database credentials in AWS Secrets Manager. Let Secrets Manager handle the rotation of the credentials, as required.
C . Store the database credentials in an Amazon S3 bucket that has a restrictive bucket policy for the Lambda role when accessing the credentials. Use AWS KMS to encrypt the data.
D . Create a policy with rds-db:connect access to the database and attach it to the role assigned to the Lambda function.
Answer: B
Explanation:
Reference: https://aws.amazon.com/blogs/security/rotate-amazon-rds-database-credentials-automaticallywith-aws-secrets-manager/