Store the database credentials for both environments in AWS Systems Manager Parameter Store, encrypt them using an AWS Key Management Service (AWS KMS) key, and retrieve them in the Lambda functions' application code via the AWS SDK for Python (Boto3). Assign a role to the Lambda functions granting access to the Parameter Store parameter.

Store the database credentials for both environments in AWS Secrets Manager, using separate entries for QA and production, enable automatic rotation, and reference the Secrets Manager key as an environment variable for the Lambda functions.

Store the database credentials for both environments in AWS Key Management Service (AWS KMS), enable rotation, and reference the credentials stored in AWS KMS as an environment variable for the Lambda functions.

Create distinct S3 buckets for the QA and production environments, enable server-side encryption with AWS KMS keys (SSE-KMS), and use an object naming convention that allows each Lambda function's application code to fetch the appropriate credentials for its environment. Grant each Lambda function's execution role access to Amazon S3.