Creating a Secret

This section of the AWS Certified Solutions Architect - Professional learning path introduces you to the AWS database services relevant to the SAP-C02 exam. We then understand the service options available and learn how to select and apply AWS database services to meet specific design scenarios relevant to the AWS Certified Solutions Architect - Professional exam. 


Learning Objectives

  • Understand the various database services that can be used when building cloud solutions on AWS
  • Learn how to build databases using Amazon RDS, DynamoDB, Redshift, DocumentDB, Keyspaces, and QLDB
  • Learn how to create ElastiCache and Neptune clusters
  • Understand which AWS database service to choose based on your requirements
  • Discover how to use automation to deploy databases in AWS
  • Learn about data lakes and how to build a data lake in AWS

Just like most things in AWS, you can add resources such as secrets by hand in the console.

It's all fairly simple: you just fill in the blanks here with the username and password that you want for the database.

Select the database you want to associate the secret with, and move on to the next section.

Here we give the secret a name to make it easier to reference later… 

And click through to completion. And there you have it, fairly easy to create a new secret in the console.

However, as mentioned previously, this adds the human element back into the equation, so let's instead see how to create a new secret within our CloudFormation template.

Here is an example of that.

This secret will contain both the username and the password of the database we are also about to create. Since this information will be referenced by the database portion of the template, we need to declare this ahead of time.

As you can see, we are dynamically generating a 16-character password of random characters, excluding quotes, the at symbol, and the forward slash and backslash.

Feel free to take a moment and pause the video to glance through the code.

As a note from AWS: “Secrets Manager ensures the secret isn’t logged or persisted by CloudFormation by using a dynamic reference to the secret.”

So once your CloudFormation template finishes running and deploying the environment, your database should be dynamically linked to the appropriate secret without any worries about other AWS users finding it.
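
A template of the kind described above, written here as an added example and not the course's own template. The logical resource names, the secret name, the `dbadmin` username, the MySQL engine and the instance size are assumptions chosen for illustration.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example - generated database secret consumed by an RDS instance

Resources:
  # Declared ahead of the database because the database resolves its
  # credentials from this secret.
  DatabaseSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: example/database/credentials        # hypothetical secret name
      Description: Master credentials for the example database
      GenerateSecretString:
        # Fixed part of the JSON document; the generated value is merged in
        # under the key named by GenerateStringKey.
        SecretStringTemplate: '{"username": "dbadmin"}'   # assumed username
        GenerateStringKey: password
        PasswordLength: 16
        # Excluded: double quote, at symbol, forward slash, backslash.
        ExcludeCharacters: '"@/\'

  Database:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Snapshot
    Properties:
      Engine: mysql                  # assumed engine
      DBInstanceClass: db.t3.micro   # assumed size
      AllocatedStorage: '20'
      StorageEncrypted: true
      PubliclyAccessible: false
      # Dynamic references: CloudFormation resolves these at deploy time, so
      # the credential values never appear in the template or stack events.
      MasterUsername: !Sub '{{resolve:secretsmanager:${DatabaseSecret}:SecretString:username}}'
      MasterUserPassword: !Sub '{{resolve:secretsmanager:${DatabaseSecret}:SecretString:password}}'

  # Links the secret to the database by adding the connection details
  # (engine, host, port) to the secret's JSON.
  SecretAttachment:
    Type: AWS::SecretsManager::SecretTargetAttachment
    Properties:
      SecretId: !Ref DatabaseSecret
      TargetId: !Ref Database
      TargetType: AWS::RDS::DBInstance

Outputs:
  # Expose only the ARN; never output the secret value itself.
  DatabaseSecretArn:
    Value: !Ref DatabaseSecret
```

Read access to the stored value is still governed by IAM: only principals allowed `secretsmanager:GetSecretValue` on this secret can retrieve the password.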

Next, let's take a look at putting all the pieces together.



About the Author

Danny has over 20 years of IT experience as a software developer, cloud engineer, and technical trainer. After attending a conference on cloud computing in 2009, he knew he wanted to build his career around what was still a very new, emerging technology at the time — and share this transformational knowledge with others. He has spoken to IT professional audiences at local, regional, and national user groups and conferences. He has delivered in-person classroom and virtual training, interactive webinars, and authored video training courses covering many different technologies, including Amazon Web Services. He currently has six active AWS certifications, including certifications at the Professional and Specialty level.