A security engineer is tasked with auditing an AWS CloudFormation template and identifies a parameter that inadvertently exposes an application's API key in plaintext by default. This parameter is used in multiple locations within the template. The engineer must address this vulnerability by replacing the parameter in a way that ensures the API key can still be securely referenced throughout the template. Which of the following solutions offers the highest level of security for managing this sensitive information?

Exam-Like

Store the API key value as a SecureString parameter in AWS Systems Manager Parameter Store. In the template, replace all references to the value with {{resolve:ssm:MySSMParameterName:1}}.

0.0%

Store the API key value in AWS Secrets Manager. In the template, replace all references to the value with {{resolve:secretsmanager:MySecretId:SecretString}}.

100.0%

Store the API key value in Amazon DynamoDB. In the template, replace all references to the value with {{resolve:dynamodb:MyTableName:MyPrimaryKey}}.

0.0%

Store the API key value in a new Amazon S3 bucket. In the template, replace all references to the value with {{resolve:s3:MyBucketName:MyObjectName}}.

0.0%

AWS Certified Security - Specialty

Comments

Get started today