DOP-C02 - Security and Compliance - Section 6.2
Automate secret and credential management using AWS Secrets Manager rotation, AWS Systems Manager Parameter Store and short-lived role credentials.
Store database credentials and API keys in AWS Secrets Manager and enable automatic rotation so applications always retrieve a fresh secret without code changes. Distinguish when to use Secrets Manager versus Parameter Store SecureString, and prefer short-lived temporary credentials from IAM roles over long-lived static keys.
AWS Secrets ManagerSecret rotationParameter StoreTemporary credentials
More in this domain
Back to all Security and Compliance objectives, or the DOP-C02 cert hub.
Examworthy is not affiliated with or endorsed by Amazon Web Services. Original, blueprint-aligned practice material only.