Wanted to understand if this is a common and secure practice. I have an application that has a lot of customer secrets (their API Keys, credentials). We've reached a stage where AWS secrets manager is not proving to be cost-effective…
We're currently building an MSK cluster. We use 2 types of authentication for 2 different clients. The IAM authentication works fine. But for the SASL/SCRAM authentication that it's not the case, we created a secret for username/password connection and linked…
I want to retrieve AWS secrets using python boto3 and I came across this sample code: aws-doc-sdk-examples/python/example_code/secretsmanager/get_secret_value.py at main · awsdocs/aws-doc-sdk-examples · GitHub Secrets Manager examples using SDK for Python (Boto3) - AWS SDK Code Examples But it is confusing.…
I've been trying to get a db connection working in my lambda and having the worst time retrieving my password from secrets manager. When I run the lambda I get User: arn:aws:sts::#####:assumed-role/consent-gen/consent-gen is not authorized to perform: secretsmanager:GetSecretValue because no…
I understand that sometimes order makes or breaks CloudFormation templates, but this one shouldn't be a problem, or at least it's not obvious to me why I'm getting this error: Error: 'DataPipelinePrototypeSecretStack' depends on 'DataPipelinePrototypeDatabaseStack' (DataPipelinePrototypeSecretStack -> DataPipelinePrototypeDatabaseStack/PrototypeDb1/Resource.Ref). Adding this…
aws secretsmanager get-secret-value --secret-id ${secretId} --profile ${customProfile} the above fails without the --region option but the below works without the region option aws s3api get-bucket-encryption --bucket ${s3Bucket} --profile ${customProfile} Wondering what would be the explanation for the above. One plausible…
I have a usecase to use the secret from A in all other accounts in that organization. I have provided permission for secret for organization and encrypted the secret with kms key . I have a role accross the organization…
Suppose I wanted to store something like: { "service_name": { "prod": "SECRET1", "dev": "SECRET2" } } Can I store such JSON in AWS Secrets Manager?
I am trying to have a Lambda to trigger when a secret in aws Secrets Manager is rotated. So I am trying to use Cloudtrail for this. I am trying to follow this AWS documentation The documentation doesn't seem to…
I'm using AWS ECS service to run my Docker containers (4 containers) Also used Secret Manager for storing and retrieve Environment Variables. I would like to pass my secret manager ARN. So the containers will access all my env vars…