Which solution will meet these requirements with the LEAST operational overhead?
Store the employee credentials in AWS Systems Manager Parameter Store. Use AWS CloudFormation and the BatchGetSecretValue API to retrieve usernames and passwords from Parameter Store.
Store the employee credentials in AWS Secrets Manager. Use AWS CloudFormation and AWS Batch with the BatchGetSecretValue API to retrieve the usernames and passwords from Secrets Manager.
Store the employee credentials in AWS Systems Manager Parameter Store. Use AWS CloudFormation and AWS Batch with the BatchGetSecretValue API to retrieve the usernames and passwords from Parameter Store.
Store the employee credentials in AWS Secrets Manager. Use AWS CloudFormation and the BatchGetSecretValue API to retrieve the usernames and passwords from Secrets Manager.
Explanations:
AWS Systems Manager Parameter Store does not have native support for the BatchGetSecretValue API, which is specifically designed for AWS Secrets Manager. This option would not meet the requirement effectively.
While it uses AWS Secrets Manager, the mention of AWS CloudFormation and AWS Batch with the BatchGetSecretValue API is misleading since BatchGetSecretValue is not applicable in this context; Secrets Manager has its own methods for secret retrieval.
Similar to option A, using Parameter Store lacks the ability to securely handle sensitive data with the specific API referenced. Moreover, it would not offer the same level of management as Secrets Manager for credentials.
Storing credentials in AWS Secrets Manager is the best approach for secure management of secrets. It integrates well with CloudFormation and allows for easy retrieval of secrets with minimal operational overhead, aligning with best practices for security and simplicity.
I organize that the answer is:
Store the employee credentials in AWS Secrets Manager. Use AWS CloudFormation and the BatchGetSecretValue API to retrieve the usernames and passwords from Secrets Manager.