A company has an application that calls AWS Lambda functions A recent code review found database credentials stored in the source code. The database credentials need to be removed from the Lambda source code The credentials must then be securely stored and rotated on an ongoing basis to meet security policy requirements
What should a solutions architect recommend to meet these requirements?
A . Store the password in AWS CloudHSM Associate the Lambda function with a role that can retrieve the password from CloudHSM given its key ID
B . Store the password in AWS Secrets Manager Associate the Lambda function with a role that can retrieve the password from Secrets Manager given its secret ID
C . Move the database password to an environment variable associated with the Lambda function Retrieve the password from the environment variable upon execution
D . Store the password in AWS Key Management Service (AWS KMS) Associate the Lambda function with a role that can retrieve the password from AWS KMS given its key ID
Answer: B