A security engineer is building an application that is running on Amazon EC2. The application communicates with an Amazon RDS MySQL instance and authenticates with a user name and password. The credentials should be encrypted and rotated every 60 days. Which steps should the engineer take to protect the credentials and ensure they can be automatically rotated?