DEV Community

Revathi Joshi for AWS Community Builders

Posted on

Manage the RDS Database credentials using AWS Secret Manager and Monitor it thru CloudTrail

What is AWS Secrets Manager?

  • As per AWS documentation

  • AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources.

  • The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.

  • Users and applications retrieve secrets with a call to the Secrets Manager APIs, eliminating the need to hardcode sensitive information in plain text.

  • Secrets Manager offers secret rotation with built-in integration for Amazon RDS, Amazon Redshift, and Amazon DocumentDB.

  • Also, the service is extensible to other types of secrets, including API keys and OAuth tokens.

Please visit my GitHub Repository for RDS articles on various topics being updated on constant basis.

Let’s get started!

Objectives:

1. Sign in to AWS Management Console

2. Create RDS MySQL instance

3. Store a new secret

4. Verify the secret created

5. Monitor secret manager activities thru CloudTrail

6. Delete AWS resources

Pre-requisites:

  • AWS user account with admin access, not a root account.

Resources Used:

Steps for implementation to this project:

1. Sign in to AWS Management Console

  • SignIn to the AWS Management Console using username and password in the AWS Region as US East (N. Virginia) us-east-1

2. Create RDS MySQL instance

  • On the Amazon RDS Console, Create database, Standard create, Engine type - MySQL, Templates - Free tier, Under Settings, DB instance identifier - myrdsinstance, Master username - admin, Master password - admin1234, Confirm master password - admin1234, DB instance class - db.t2.micro, Allocated storage - 20 GB, Storage autoscaling - uncheck Enable storage autoscaling, Take all defaults

  • Create database

Image description

3. Store a new secret

  • On the AWS Secrets Manager Console, Store a new secret, Under Secret type - Credentials for Amazon RDS database, Under Credentials - User name - admin, Password - admin1234, Encryption key - aws/secretsmanager, Database - myrdsinstance

  • Next

  • Secret name - myrdssecret

  • Next, Next

  • Store

Image description

4. Verify the secret created

  • Click on myrdssecret, Under Secret value - Retrieve secret value

Image description

5. Monitor secret manager activities thru CloudTrail

  • On the CloudTrail Console, in the left navigation tab - Event history

Image description

  • in the lookup attributes, select Event name and Enter event name as GetSecretValue

Image description

6. Delete AWS resources

  • From the Amazon RDS Console, delete RDS database - myrdsinstance

What we have done so far

  • We have successfully created a RDS MySQL instance, created and stored a secret and monitored secret manager activities thru CloudTrail

Top comments (0)