A company is developing a multi-tier web application hosted on AWS using Amazon Aurora as the database. The application needs to be deployed to production and other non-production environments. A Database Specialist needs to specify different MasterUsername and MasterUserPassword properties in the AWS CloudFormation templates used for automated deployment. The CloudFormation templates are version controlled in the company's code repository. The company also needs to meet compliance requirement by routinely rotating its database master password for production.
What is most secure solution to store the master password?
A. Store the master password in a parameter file in each environment. Reference the environment-specific parameter file in the CloudFormation template.
B. Encrypt the master password using an AWS KMS key. Store the encrypted master password in the CloudFormation template.
C. Use the secretsmanager dynamic reference to retrieve the master password stored in AWS Secrets Manager and enable automatic rotation.
D. Use the ssm dynamic reference to retrieve the master password stored in the AWS Systems Manager Parameter Store and enable automatic rotation.
What is most secure solution to store the master password?
A. Store the master password in a parameter file in each environment. Reference the environment-specific parameter file in the CloudFormation template.
B. Encrypt the master password using an AWS KMS key. Store the encrypted master password in the CloudFormation template.
C. Use the secretsmanager dynamic reference to retrieve the master password stored in AWS Secrets Manager and enable automatic rotation.
D. Use the ssm dynamic reference to retrieve the master password stored in the AWS Systems Manager Parameter Store and enable automatic rotation.