Keeping Your Environment Secure with AWS Secrets Manager
Start course

This course explores how to use automation when creating Amazon RDS databases.

It includes using AWS Secrets Manager for increasing the security of provisioned resources by limiting human intervention.

Learning Objectives

  • Deploy RDS database using CloudFormation
  • Understand the role that AWS Secrets Manager can play in managing database usernames and passwords
  • Understand the importance of automation and the benefits of using CloudFormation

Intended Audience

This course is intended for anyone that needs to learn to automate the deployment of Amazon RDS databases.


To get the most out of this course, you should have a basic understanding of cloud computing using Amazon Web Services.

You should also know how to create relational databases using Amazon RDS.


If you have any questions relating to this course, please contact us at


AWS secrets manager helps you to secure your company secrets, such as database password and usernames -  which are needed to access your applications and other IT resources.

As a service it allows you to rotate, manage, and retrieve database credentials, API  keys, and other secrets through their lifetime.

Secrets Manager is fully integrated with AWS’  Identity and Access Management (IAM). This allows you to manage access to these secrets with the same level of fidelity you have come to expect from AWS in general.

For example, if you wanted to limit access to production passwords you might have a policy that prevents anyone outside of the corporate network from retrieving that data. However, you might allow your developers access to your development related secrets, when working on the development environment, wherever they are in the world.

Secrets Manager offers the ability to automatically rotate your secrets and passwords for you. Keeping in line with normal 30 and 60-day rotation guidelines that many corporation will have.

This functionality has been integrated with Amazon RDS, Amazon Redshift, and Amazon DocumentDB.

And the most powerful feature of all is that all these interactions can be implemented as simple API calls. Allowing you to remove the obstacle we had encountered early with our cloud formation template where we had a plaintext password embedded right into the code.

Let's take a look at that template again.

Using AWS secrets manager we can remove the explicit reference to your password by adding a few extra lines of code. In order to do that however, we need to understand how to create a new secret inside Secrets Manager.


Course Introduction - Why Automate? - Automating with AWS - Creating a Secret - Putting It All Together - Wrap Up

About the Author

William Meadows is a passionately curious human currently living in the Bay Area in California. His career has included working with lasers, teaching teenagers how to code, and creating classes about cloud technology that are taught all over the world. His dedication to completing goals and helping others is what brings meaning to his life. In his free time, he enjoys reading Reddit, playing video games, and writing books.