Which solutions will meet these requirements?
(Choose two.)
Store the API keys as a SecureString parameter in AWS Systems Manager Parameter Store. Grant the application access to retrieve the value from Parameter Store.
Store the API keys in AWS CloudFormation templates by using base64 encoding. Pass the API keys to the application through container definition environment variables.
Add a new AWS CloudFormation parameter to the CloudFormation template. Pass the API keys to the application by using the container definition environment variables.
Embed the API keys in the application. Build the container image on-premises. Upload the container image to Amazon Elastic Container Registry (Amazon ECR).
Store the API keys as a SecretString parameter in AWS Secrets Manager. Grant the application access to retrieve the value from Secrets Manager.
Explanations:
Storing API keys as a SecureString parameter in AWS Systems Manager Parameter Store is a secure method. It encrypts the parameter and allows access control through IAM policies, ensuring only authorized applications can retrieve the keys.
Storing API keys in AWS CloudFormation templates, even with base64 encoding, is not secure. The templates can be exposed in logs or source control, and base64 encoding does not provide true encryption.
Adding a CloudFormation parameter to pass API keys as environment variables is insecure, as it exposes sensitive information in the CloudFormation stack. Environment variables can also be accessed by anyone with access to the container.
Embedding API keys directly in the application and building the container image is not secure. If the image is uploaded to a public registry or accessed by unauthorized users, the keys can be exposed.
Storing API keys as a SecretString parameter in AWS Secrets Manager is a secure approach. It allows for encryption, fine-grained access control, and the ability to rotate secrets without modifying application code.