To Devs,
How can I create rotational credentials for SQL Server in AWS?
Any ideas?
Thanks,
Marc

2

Answers


  1. Chosen as BEST ANSWER

    To rotate a secret for a non-RDS database or for a custom secret type, you must create and configure a Lambda function that rotates the secrets when triggered. The rotation function updates the credentials on the protected service and updates the secret to match. Your applications then immediately begin accessing the protected service by using the new credentials contained in the secret.

    Choose the Lambda function that contains the code that can rotate your secret.

    You can view or choose only functions for which both you and the Secrets Manager service (secretsmanager.amazonaws.com) have the lambda:InvokeFunction permission. Alternatively, if the function doesn't exist yet, choose Create function to go to the Lambda console to create the function. When you return to this window, choose the refresh button to see the new function in the list.


  2. You can use AWS Secrets Manager.

    As per this AWS Blog Post, if you’re using Amazon RDS:

    You can configure Secrets Manager to rotate secrets automatically without disrupting your applications. Secrets Manager offers built-in integrations for rotating credentials for all Amazon RDS databases (MySQL, PostgreSQL, Oracle, Microsoft SQL Server, MariaDB, and Amazon Aurora.) You can also extend Secrets Manager to meet your custom rotation requirements by creating an AWS Lambda function to rotate other types of secrets.

    If you’re not using Amazon RDS, you can find an example here of how you can update your application to retrieve your credentials from Secrets Manager.
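Both answers point to a custom Lambda rotation function for SQL Server outside RDS. The sketch below is an added example, not code from either answer or from AWS: it walks the four steps Secrets Manager sends to a rotation function (`createSecret`, `setSecret`, `testSecret`, `finishSecret`) for a single login that changes its own password. Assumptions: the secret is JSON with `username` and `password` keys, and `run_sql` and `can_login` are hypothetical callbacks wrapping your SQL Server driver.

```python
import json

STEPS = ("createSecret", "setSecret", "testSecret", "finishSecret")

def alter_login_sql(current, pending):
    """T-SQL for setSecret. The password in ALTER LOGIN must be a literal, so quote by hand."""
    login = "[" + pending["username"].replace("]", "]]") + "]"
    new, old = ("N'" + s["password"].replace("'", "''") + "'" for s in (pending, current))
    return f"ALTER LOGIN {login} WITH PASSWORD = {new} OLD_PASSWORD = {old}"

def rotate(client, event, run_sql, can_login):
    """Run one rotation step. client is a Secrets Manager client;
    run_sql(creds, sql) and can_login(creds) are hypothetical driver callbacks."""
    arn, token, step = event["SecretId"], event["ClientRequestToken"], event["Step"]
    stages = client.describe_secret(SecretId=arn)["VersionIdsToStages"]
    if step not in STEPS or token not in stages:
        raise ValueError("unknown step or version token")
    if "AWSCURRENT" in stages[token]:
        return "noop"  # an earlier run already promoted this version
    if "AWSPENDING" not in stages[token]:
        raise ValueError("version is not staged AWSPENDING")

    def read(stage, version=None):
        kw = {"SecretId": arn, "VersionStage": stage}
        if version:
            kw["VersionId"] = version
        return json.loads(client.get_secret_value(**kw)["SecretString"])

    if step == "createSecret":
        try:
            read("AWSPENDING", token)  # retry: keep the value already generated
        except client.exceptions.ResourceNotFoundException:
            new = read("AWSCURRENT")
            new["password"] = client.get_random_password(
                PasswordLength=32, ExcludePunctuation=True)["RandomPassword"]
            client.put_secret_value(SecretId=arn, ClientRequestToken=token,
                                    SecretString=json.dumps(new), VersionStages=["AWSPENDING"])
    elif step == "setSecret":
        pending = read("AWSPENDING", token)
        if not can_login(pending):  # a retry may already have changed the password
            current = read("AWSCURRENT")
            run_sql(current, alter_login_sql(current, pending))
    elif step == "testSecret":
        if not can_login(read("AWSPENDING", token)):
            raise RuntimeError("new credentials rejected by SQL Server")
    else:  # finishSecret: move AWSCURRENT to the new version
        old = next(v for v, s in stages.items() if "AWSCURRENT" in s)
        client.update_secret_version_stage(SecretId=arn, VersionStage="AWSCURRENT",
                                           MoveToVersionId=token, RemoveFromVersionId=old)
    return step
```

In the Lambda handler, call `rotate(boto3.client("secretsmanager"), event, run_sql, can_login)`; every step is written so that a retried invocation does not generate a second password or lock the login out.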
