AWS Certified Security - Specialty (#82)

A water utility company uses a number of Amazon EC2 instances to manage updates to a fleet of 2,000 Internet of Things (IoT) field devices that monitor water quality. These devices each have unique access credentials. An operational safety policy requires that access to specific credentials is independently auditable. What is the MOST cost-effective way to manage the storage of credentials?

Use AWS Systems Manager to store the credentials as Secure Strings Parameters. Secure by using an AWS KMS key.
Use AWS Key Management System to store a master key, which is used to encrypt the credentials. The encrypted credentials are stored in an Amazon RDS instance.
Use AWS Secrets Manager to store the credentials.
Store the credentials in a JSON file on Amazon S3 with server-side encryption.