lyn7131: Ensure AWS credential Cvars are not logged or shown in plain text (#4519)

Signed-off-by: rppotter <rppotter@amazon.com>

Gems/AWSCore/Code/Include/Private/Credential/AWSCVarCredentialHandler.h

@@ -21,7 +21,7 @@ namespace AWSCore
     {
     public:
         AWSCVarCredentialHandler() = default;
-        ~AWSCVarCredentialHandler() = default;
+        ~AWSCVarCredentialHandler() override = default;
 
         //! Activate handler and its credentials provider, make sure activation
         //! invoked after AWSNativeSDK init to avoid memory leak

Gems/AWSCore/Code/Source/Credential/AWSCVarCredentialHandler.cpp

@@ -5,15 +5,14 @@
  * SPDX-License-Identifier: Apache-2.0 OR MIT
  *
  */
-
 #include <AzCore/Console/IConsole.h>
 
 #include <Credential/AWSCVarCredentialHandler.h>
 
 namespace AWSCore
 {
-    AZ_CVAR(AZ::CVarFixedString, cl_awsAccessKey, "", nullptr, AZ::ConsoleFunctorFlags::Null, "Override AWS access key");
-    AZ_CVAR(AZ::CVarFixedString, cl_awsSecretKey, "", nullptr, AZ::ConsoleFunctorFlags::Null, "Override AWS secret key");
+    AZ_CVAR(AZ::CVarFixedString, cl_awsAccessKey, "", nullptr, AZ::ConsoleFunctorFlags::IsInvisible, "Override AWS access key");
+    AZ_CVAR(AZ::CVarFixedString, cl_awsSecretKey, "", nullptr, AZ::ConsoleFunctorFlags::IsInvisible, "Override AWS secret key");
 
     static constexpr char AWSCVARCREDENTIALHANDLER_ALLOC_TAG[] = "AWSCVarCredentialHandler";
 
@@ -36,8 +35,8 @@ namespace AWSCore
 
     std::shared_ptr<Aws::Auth::AWSCredentialsProvider> AWSCVarCredentialHandler::GetCredentialsProvider()
     {
-        auto accessKey = static_cast<AZ::CVarFixedString>(cl_awsAccessKey);
-        auto secretKey = static_cast<AZ::CVarFixedString>(cl_awsSecretKey);
+        const auto accessKey = static_cast<AZ::CVarFixedString>(cl_awsAccessKey);
+        const auto secretKey = static_cast<AZ::CVarFixedString>(cl_awsSecretKey);
 
         if (!accessKey.empty() && !secretKey.empty())
         {