AWS itself has a Secrets Manager from which other authorized services can pull secrets. If it's an outside CI/CD platform, then those usually also have a place to store credentials.
I agree that this would be a good solution. I'm merely bringing up that it takes consideration. Also someone will need to learn the Secrets Manager and also learn credentials management for CI/CD. It's probably at least a day of work if you're not familiar with it.
Don't get me wrong. I don't think anyone should skip this step. You need auth for your datastores.