🔥 3-day streak
AWS Certified CloudOps Engineer - Associate142 / 159
Question 142 of 159

A CloudOps engineer is deploying an application to a fleet of EC2 instances using a CloudFormation template. The application needs to retrieve a database password at boot time. The security team requires that the password be encrypted at rest, never appear in the CloudFormation template or stack parameters in plaintext, and be retrievable by the instances' IAM role. The team wants to avoid additional per-secret charges and does not need automatic secret rotation. Which approach best meets these requirements?

Reviewed for accuracy · Report an issueNext question