A company is deploying a web application on AWS Elastic Beanstalk. The application uses an Amazon RDS database. The company wants to ensure that database credentials are not exposed in the application code or environment variables. Which TWO methods are secure ways to manage credentials? (Choose TWO.)
Secrets Manager is designed for secrets.
Why this answer
Option A and Option C are correct. AWS Secrets Manager and AWS Systems Manager Parameter Store are both secure services for storing secrets. Option B is wrong because environment variables can be exposed.
Option D is wrong because hardcoding is insecure. Option E is wrong because storing in S3 without encryption is insecure.