You are using a configuration management system to manage your Amazon EC2 instances. On your Amazon EC2
instances, you want to store credentials for connecting to an Amazon RDS DB instance. How should you securely store
Give the Amazon EC2 instances an IAM role that allows read access to a private Amazon S3 bucket.
Store a file with database credentials in the Amazon S3 bucket.
Have your configuration management system pull the file from the bucket when it is needed.
Launch an Amazon EC2 instance and use the configuration management system to bootstrap the instance with the Amazon RDS DB
Create an AMI from this instance.
Store the Amazon RDS DB credentials in Amazon EC2 user data.
Import the credentials into the instance on boot.
Assign an IAM role to your Amazon RDS instance, and use this IAM role to access the Amazon RDS DB from your Amazon EC2
Store your credentials in your version control system, in plaintext.
Check out a copy of your credentials from the version control system on boot.
Use Amazon EBS encryption on the volume storing the Amazon RDS DB credentials.