In a scenario where a company is deploying resources using an AWS CloudFormation template and must adhere to security best practices, particularly for managing sensitive database credentials, which approach should be taken? The company already employs AWS Key Management Service (AWS KMS) and AWS Secrets Manager for other security needs.

Exam-Like

Use a dynamic reference in the CloudFormation template to reference the database credentials in Secrets Manager.

50.0%

Use a parameter in the CloudFormation template to reference the database credentials. Encrypt the CloudFormation template by using AWS KMS.

20.0%

Use a SecureString parameter in the CloudFormation template to reference the database credentials in Secrets Manager.

20.0%

Use a SecureString parameter in the CloudFormation template to reference an encrypted value in AWS KMS.

10.0%

AWS Certified Security - Specialty