AWS Certified Developer Associate (#64)

A Developer uses AWS CodeDeploy to automate application deployment that connects to an external MySQL database. The Developer wants to securely access the encrypted secrets, such as API keys and database passwords. Which of the following solutions would involve the LEAST administrative effort?

Save the secrets in Amazon S3 with AWS KMS server-side encryption, and use a signed URL to access them by using the IAM role from Amazon EC2 instances.
Use the instance metadata to store the secrets and to programmatically access the secrets from EC2 instances.
Use the Amazon DynamoDB client-side encryption library to save the secrets in DynamoDB and to programmatically access the secrets from EC2 instances.
Use AWS SSM Parameter Store to store the secrets and to programmatically access them by using the IAM role from EC2 instances.