Note_Tech
All technological notes.
Project maintained by simonangel-fong Hosted on GitHub Pages — Theme by mattgraham
AWS - Secrets Manager
AWS Secrets Manager
-
Secrets Manager- Newer service, meant for storing secrets
- Capability to force rotation of secrets every X days
- different from
Systems Managerparameter store which cannot force rotation.
- different from
- Automate generation of secrets on rotation (uses
Lambda)
-
Integration
- Mostly meant for RDS integration
- Integration with Amazon
RDS(MySQL, PostgreSQL, Aurora)
- Integration with Amazon
- Secrets are encrypted using
KMS
- Mostly meant for RDS integration
-
Sample:
- What is the most suitable AWS service for storing RDS DB passwords which also provides you automatic rotation?
- Secrets Manager
- What is the most suitable AWS service for storing RDS DB passwords which also provides you automatic rotation?
Multi-Region Secrets
- Replicate Secrets across multiple AWS Regions
Secrets Managerkeepsread replicasin sync with theprimary Secret- Ability to promote a
read replica Secretto astandalone Secret - Use cases:
- multi-region apps,
- disaster recovery strategies,
- multi-region DB…
Hands-on
