Putting It All Together



This section of the AWS Certified Solutions Architect - Professional learning path introduces you to the AWS database services relevant to the SAP-C02 exam. We then look at the service options available and learn how to select and apply AWS database services to meet specific design scenarios relevant to the AWS Certified Solutions Architect - Professional exam.


Learning Objectives

  • Understand the various database services that can be used when building cloud solutions on AWS
  • Learn how to build databases using Amazon RDS, DynamoDB, Redshift, DocumentDB, Keyspaces, and QLDB
  • Learn how to create ElastiCache and Neptune clusters
  • Understand which AWS database service to choose based on your requirements
  • Discover how to use automation to deploy databases in AWS
  • Learn about data lakes and how to build a data lake in AWS

We start off our CloudFormation template by creating our new secret, as previously described.

Then we add the database that we want to create. We will build a small MySQL RDS database that uses the Secrets Manager username and password created above, pulled in through a dynamic reference. As you will remember, the password is randomly generated at runtime, which provides that extra layer of security.

We do have to circle back and update the properties of our newly created secret, so it understands we are dealing with an RDS database. This allows us to have our keys automatically rotated for us.

Finally, we will want to schedule the keys to do the actual rotation every 30 days. One interesting side note is that the keys will rotate immediately in order to prove that this functionality is configured correctly. Further rotations will occur on whatever schedule you have programmed in. You will have to create the Lambda function that does the actual rotation and put the ARN below.

Here is a link to an AWS sample written in Python:

And with all of that combined together into one CloudFormation template, you will have the ability to automatically deploy an RDS database with a random password that is automatically rotated every 30 days. 
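
The four steps described above, assembled into one template as an added example (not the course's own template). The `dbadmin` user name, the instance size and the `RotationLambdaArn` parameter are assumptions; the rotation Lambda itself is deployed separately.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - MySQL RDS instance with a generated, rotated Secrets Manager credential
Parameters:
  RotationLambdaArn:            # assumption: ARN of a rotation Lambda you deployed yourself
    Type: String
Resources:
  # Step 1: the secret, with a password generated at deploy time
  DbSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Description: Master credentials for the example MySQL instance
      GenerateSecretString:
        SecretStringTemplate: '{"username": "dbadmin"}'   # constructed user name
        GenerateStringKey: password
        PasswordLength: 32
        ExcludeCharacters: '"@/\'   # quote, at sign and slash are not valid in an RDS master password
  # Step 2: the database, reading both values through dynamic references
  Database:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Snapshot
    Properties:
      Engine: mysql
      DBInstanceClass: db.t3.micro
      AllocatedStorage: "20"
      StorageEncrypted: true
      PubliclyAccessible: false
      # Resolved by CloudFormation at deploy time; the plaintext never appears in the template
      MasterUsername: !Sub "{{resolve:secretsmanager:${DbSecret}:SecretString:username}}"
      MasterUserPassword: !Sub "{{resolve:secretsmanager:${DbSecret}:SecretString:password}}"
  # Step 3: circle back and tell the secret which RDS instance it belongs to
  SecretAttachment:
    Type: AWS::SecretsManager::SecretTargetAttachment
    Properties:
      SecretId: !Ref DbSecret
      TargetId: !Ref Database
      TargetType: AWS::RDS::DBInstance
  # Step 4: rotate every 30 days using the Lambda supplied as a parameter
  RotationSchedule:
    Type: AWS::SecretsManager::RotationSchedule
    DependsOn: SecretAttachment   # rotation needs the host and port the attachment writes into the secret
    Properties:
      SecretId: !Ref DbSecret
      RotationLambdaARN: !Ref RotationLambdaArn
      RotationRules:
        AutomaticallyAfterDays: 30
```

The rotation Lambda needs a resource-based permission that lets `secretsmanager.amazonaws.com` invoke it, plus network access to the database, or the first rotation will fail.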

If your developers or applications ever need access to that password, you can configure their IAM permissions or roles to enable access.



About the Author

Danny has over 20 years of IT experience as a software developer, cloud engineer, and technical trainer. After attending a conference on cloud computing in 2009, he knew he wanted to build his career around what was still a very new, emerging technology at the time — and share this transformational knowledge with others. He has spoken to IT professional audiences at local, regional, and national user groups and conferences. He has delivered in-person classroom and virtual training, interactive webinars, and authored video training courses covering many different technologies, including Amazon Web Services. He currently has six active AWS certifications, including certifications at the Professional and Specialty level.