🔥 3-day streak
AWS Certified DevOps Engineer - Professional32 / 204
Question 32 of 204
A DevOps team manages an RDS instance using CloudFormation. Company policy prohibits storing database passwords in template parameters, plaintext, or version control. The password is already stored in AWS Secrets Manager under the secret name 'prod/rds/master'. The team wants CloudFormation to inject the password into the RDS instance's MasterUserPassword property at deploy time without ever exposing the value in the template, change set, or stack events. Which approach meets these requirements?
Reviewed for accuracy · Report an issueNext question