如何在AWS Secrets Manager服务中管理AWS RDS的主用户凭证(由cloudformation创建)?
[英]How to manage master user credentials of aws RDS (created by cloudformation) in aws secrets manager service?
问题描述
I have an RDS DB instance created by Cloudformation. 
我有一个由Cloudformation创建的RDS数据库实例。 Now I need to store its master user credentials as a secret in AWS secrets manager service with automatic rotation schedule enabled. 现在,我需要在启用了自动轮换计划的情况下,将其主用户凭据存储为AWS Secrets Manager服务中的一个秘密。 Since, RDS instances created via AWS Cloudformation expect master username and password as one of their mandatory parameters. 由于通过AWS Cloudformation创建的RDS实例希望将主用户名和密码作为其强制参数之一。 And after automatic rotation, it will make my CFN template out of sync for parameters username and password in the future. 并且在自动轮换之后,将来会使我的CFN模板与参数用户名和密码不同步。
How can I achieve automatic rotation of this secret in this case ? 在这种情况下,如何实现此秘密的自动轮换? And more broadly this question applies to other aws services which are created by CFN and expect some sort of secret at the time of creation eg Amazon MQ service. 更广泛地说,此问题适用于其他由CFN创建并在创建时需要某种机密的aws服务,例如Amazon MQ服务。
1 个解决方案
解决方案1
0 2018-11-16 00:40:14
AWS has recently added support for Secrets Manager with Cloud Formation . AWS最近通过Cloud Formation增加了对Secrets Manager的支持。 You should be able to use that. 您应该能够使用它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.