
Securing/Encrypting Database Password on AWS EC2



I have an AWS EC2 server that is public facing and it has the database password to the MongoDB server. How can I encrypt the database password?
I found a way using the Key Management Service, but to communicate with KMS I would have to save my AWS access and secret keys on the server to access the APIs. Wouldn't someone be able to get the password if they broke into the server, just by running the CLI?


Solution

  • You do not need to store access + secret keys on the EC2.

    You can instead allocate an AWS IAM instance profile to the EC2 which permits the EC2 to perform a KMS decrypt.

    That said, it's still a bad idea to have a public-facing server talking to your database. An attacker who gains access could use the IAM instance profile to KMS decrypt the key.

    Put your EC2 into an ALB, and expose the ALB to the internet. Expose only your web traffic to the EC2 from the ALB.