CloudFormation outputs contain the results of the template that was created. These outputs may contain secrets, for example, user names, passwords, and tokens. The outputs cannot be encrypted, resulting in any entity with basic read-metadata-only, and access to CloudFormation outputs, having access to these secrets.
We recommend you remove secrets from unencrypted places, especially if they can be easily accessed, to reduce the risk of exposing data to third parties.
To see the secret, run the following CLI command:
aws cloudformation --region <REGION> describe-stacks --stack-name <STACK_NAME>
Updated about 2 years ago