A devops team uses AWS CloudFormation to build their infrastructure. The security team is concerned about sensitive parameters, such as passwords, being exposed. Which combination of steps will enhance the security of AWS CloudFormation? (Choose three.)
A) Create a secure string with AWS KMS and choose a KMS encryption key. Reference the ARN of the secure string, and give AWS CloudFormation permission to the KMS key for decryption.
B) Create secrets using the AWS Secrets Manager AWS::SecretsManager::Secret resource type. Reference the secret resource return attributes in resources that need a password, such as an Amazon RDS database.
C) Store sensitive static data as secure strings in the AWS Systems Manager Parameter Store. Use dynamic references in the resources that need access to the data.
D) Store sensitive static data in the AWS Systems Manager Parameter Store as strings. Reference the stored value using types of Systems Manager parameters.
E) Use AWS KMS to encrypt the CloudFormation template.
F) Use the CloudFormation NoEcho parameter property to mask the parameter value.
Correct Answer:
Verified
Q219: The Development team at an online retailer
Q220: A company wants to implement a CI/CD
Q221: A DevOps engineer notices that all Amazon
Q222: A DevOps team wants to implement their
Q223: A company has a legacy application running
Q225: A company that runs many workloads on
Q226: A DevOps engineer is troubleshooting deployments to
Q227: A company has mandated a global encryption-at-rest
Q228: A company has migrated its container-based applications
Q229: A DevOps engineer is assisting with a
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents