AWS Certified Developer – Associate — Question 71

A developer is creating an AWS CloudFormation template for an application. The application includes an Amazon RDS database. The password to be set for the resource's MasterUserPassword property is already stored in AWS Secrets Manager.
How can the developer reference the value of the password in the CloudFormation template?

Answer options

• A. Use a parameter in the CloudFormation template with the same name of the secret.
• B. Use the ssm dynamic reference by specifying the name of the secret and its version.
• C. Use the secretsmanager dynamic reference by specifying the appropriate reference-key segment.
• D. Use the ssm-secure dynamic reference by specifying the name of the secret and its version.

Correct answer: C

Explanation

The correct answer is C because the secretsmanager dynamic reference allows you to directly retrieve the secret value from AWS Secrets Manager using the reference-key format. Options A and B are incorrect as they do not specifically address referencing secrets from Secrets Manager, and option D is also incorrect because it pertains to SSM parameters rather than Secrets Manager.