AWS Certified Cloud Practitioner

Explanation

AWS Secrets Manager is the correct answer because it is specifically designed for securely storing and managing secrets like database credentials, API keys, and other sensitive information with minimal operational overhead.

Why AWS Secrets Manager is the best choice:

• Purpose-built for secrets: AWS Secrets Manager is specifically designed to store and manage sensitive credentials
• Automatic rotation: It can automatically rotate secrets, reducing manual intervention
• Easy integration: Applications can retrieve secrets directly through API calls
• Minimal operational overhead: AWS manages the infrastructure, encryption, and security
• Fine-grained access control: Integrates with AWS IAM for secure access management

Why other options are not optimal:

• AWS KMS: Primarily for encryption key management, not credential storage
• AWS Config: For configuration compliance tracking, not secret storage
• Amazon GuardDuty: For threat detection and security monitoring, not credential management

AWS Secrets Manager provides the most streamlined approach for securely storing and managing database credentials while minimizing operational overhead.