A DevOps engineer is developing an application that calls AWS Lambda functions. The functions must connect to a database and credentials must not be stored in source code. The credentials for connection to the database must be regularly rotated to meet security policy requirements. What should a DevOps engineer do to meet these requirements?