Keeping Your Environment Secure with AWS Secrets Manager



This section of the AWS Certified Solutions Architect - Professional learning path introduces you to the AWS database services relevant to the SAP-C02 exam. We then explore the service options available and learn how to select and apply AWS database services to meet specific design scenarios relevant to the AWS Certified Solutions Architect - Professional exam.


Learning Objectives

  • Understand the various database services that can be used when building cloud solutions on AWS
  • Learn how to build databases using Amazon RDS, DynamoDB, Redshift, DocumentDB, Keyspaces, and QLDB
  • Learn how to create ElastiCache and Neptune clusters
  • Understand which AWS database service to choose based on your requirements
  • Discover how to use automation to deploy databases in AWS
  • Learn about data lakes and how to build a data lake in AWS

AWS Secrets Manager helps you secure your company's secrets, such as the database usernames and passwords needed to access your applications and other IT resources.

As a service, it allows you to rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifetime.

Secrets Manager is fully integrated with AWS Identity and Access Management (IAM). This allows you to manage access to these secrets with the same level of fidelity you have come to expect from AWS in general.

For example, if you wanted to limit access to production passwords, you might have a policy that prevents anyone outside of the corporate network from retrieving that data. However, you might allow your developers access to your development-related secrets when working on the development environment, wherever they are in the world.

Secrets Manager offers the ability to automatically rotate your secrets and passwords for you, keeping in line with the normal 30- and 60-day rotation guidelines that many corporations will have.

This functionality has been integrated with Amazon RDS, Amazon Redshift, and Amazon DocumentDB.

And the most powerful feature of all is that all these interactions can be implemented as simple API calls, allowing you to remove the obstacle we encountered earlier with our CloudFormation template, where we had a plaintext password embedded right in the code.

Let's take a look at that template again.

Using AWS Secrets Manager, we can remove the explicit reference to your password by adding a few extra lines of code. In order to do that, however, we need to understand how to create a new secret inside Secrets Manager.
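The following CloudFormation fragment is an added example, not the template used in the course. It shows the plaintext form as a comment beside a version that has Secrets Manager generate the password and resolves it through a dynamic reference at deploy time. The resource names (`DbSecret`, `Database`, `DbSecretAttachment`), the `dbadmin` username, and the instance settings are assumptions.

```yaml
# Constructed example; resource names and instance settings are assumptions.
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  # Secrets Manager generates the password, so no value is ever written
  # into the template or into the repository that stores it.
  DbSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Description: Master credentials for the example database
      GenerateSecretString:
        SecretStringTemplate: '{"username": "dbadmin"}'
        GenerateStringKey: password
        PasswordLength: 32
        ExcludeCharacters: '"@/\'

  Database:
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: mysql
      DBInstanceClass: db.t3.micro
      AllocatedStorage: '20'
      # Weak form, shown for comparison only:
      #   MasterUsername: dbadmin
      #   MasterUserPassword: <plaintext password in the template>
      # Hardened form: dynamic references resolved when the stack deploys.
      MasterUsername: !Sub '{{resolve:secretsmanager:${DbSecret}:SecretString:username}}'
      MasterUserPassword: !Sub '{{resolve:secretsmanager:${DbSecret}:SecretString:password}}'

  # Writes the database connection details into the secret, which a
  # rotation function needs in order to reach the instance.
  DbSecretAttachment:
    Type: AWS::SecretsManager::SecretTargetAttachment
    Properties:
      SecretId: !Ref DbSecret
      TargetId: !Ref Database
      TargetType: AWS::RDS::DBInstance
```

Anyone who can call `secretsmanager:GetSecretValue` on this secret can still read the password, so access to it should be scoped with IAM in the way the policy example above describes.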



About the Author

Danny has over 20 years of IT experience as a software developer, cloud engineer, and technical trainer. After attending a conference on cloud computing in 2009, he knew he wanted to build his career around what was still a very new, emerging technology at the time — and share this transformational knowledge with others. He has spoken to IT professional audiences at local, regional, and national user groups and conferences. He has delivered in-person classroom and virtual training, interactive webinars, and authored video training courses covering many different technologies, including Amazon Web Services. He currently has six active AWS certifications, including certifications at the Professional and Specialty level.