A developer is using AWS Secrets Manager to rotate database credentials. The rotation Lambda function fails with an error. Which THREE steps should the developer take to troubleshoot? (Choose THREE.)
If the database is in a VPC, Lambda needs VPC access.
Why this answer
Options A, B, and D are correct. CloudWatch Logs shows error details; IAM permissions are often the cause; network connectivity is required for Lambda to reach the database. Option C is wrong because KMS key rotation is not related.
Option E is wrong because VPC flow logs show network traffic but not Lambda errors.