To Devs,
How can I create rotational credentials for SQL Server in AWS?
Any ideas?
Thanks,
Marc
Question posted in Amazon Web Services
The official Amazon Web Services documentation can be found here.
2 Answers
To rotate a secret for a non-RDS database or for a custom secret type, you must create and configure a Lambda function that rotates the secrets when triggered. The rotation function updates the credentials on the protected service and updates the secret to match. Your applications then immediately begin accessing the protected service by using the new credentials contained in the secret.
Choose the Lambda function that contains the code that can rotate your secret.
You can view or choose only functions for which both you and the Secrets Manager service (secretsmanager.amazonaws.com) have the lambda:InvokeFunction permission. Alternatively, if the function doesn't exist yet, choose Create function to go to the Lambda console to create the function. When you return to this window, choose the refresh button to see the new function in the list.
You can use AWS Secrets Manager.
As per this AWS Blog Post, if you’re using Amazon RDS:
If you’re not using Amazon RDS, you can find an example here of how you can update your application to retrieve your credentials from Secrets Manager.