Creating a Secret
Start course

This course explores how to use automation when creating Amazon RDS databases.

It includes using AWS Secrets Manager for increasing the security of provisioned resources by limiting human intervention.

Learning Objectives

  • Deploy RDS database using CloudFormation
  • Understand the role that AWS Secrets Manager can play in managing database usernames and passwords
  • Understand the importance of automation and the benefits of using CloudFormation

Intended Audience

This course is intended for anyone that needs to learn to automate the deployment of Amazon RDS databases.


To get the most out of this course, you should have a basic understanding of cloud computing using Amazon Web Services.

You should also know how to create relational databases using Amazon RDS.


If you have any questions relating to this course, please contact us at


Just like most things in AWS you have the ability to manually add resources such as secrets by hand in the console. 

It's all fairly simple, you can just fill in the blanks here with your username information and password that you want for the database. 

Selected the database you want to associate the secret with, and move onto the next section. 

Here we give the secret a name to make it easier to reference later… 

And click through to completion. And there you have it, fairly easy to create a new secret in the console.

However as mentioned previously this is adding the human element back into the equation, so let's instead see how to create a new secret within our cloud formation template.

Here is an example of that.

This secret will contain both the username and the password of the database we are also about to create. Since this information will be referenced by the database portion of the template, we need to declare this ahead of time.

As you can see, we are dynamically generating a 16 character password filled with random characters, excluding quotes, the at symbol, and the front and backslash.

Feel free to take a moment and pause the video to glance through the code.

As a note from AWS: “Secrets Manager ensures the secret isn’t logged or persisted by CloudFormation by using a dynamic reference to the secret. “

So once your cloud formation template finishes running and deploying the environment, your database should be dynamically linked to the appropriate secret without any worries about other AWS users finding it.

Next, let's take a look at putting all the pieces together.


Course Introduction - Why Automate? - Automating with AWS - Keeping Your Environment Secure with AWS Secrets Manager - Putting It All Together - Wrap Up

About the Author

William Meadows is a passionately curious human currently living in the Bay Area in California. His career has included working with lasers, teaching teenagers how to code, and creating classes about cloud technology that are taught all over the world. His dedication to completing goals and helping others is what brings meaning to his life. In his free time, he enjoys reading Reddit, playing video games, and writing books.