Using Automation to Deploy AWS Databases
This course explores how to use automation when creating Amazon RDS databases.
It includes using AWS Secrets Manager to increase the security of provisioned resources by limiting human intervention.
- Deploy an RDS database using CloudFormation
- Understand the role that AWS Secrets Manager can play in managing database usernames and passwords
- Understand the importance of automation and the benefits of using CloudFormation
This course is intended for anyone who needs to learn to automate the deployment of Amazon RDS databases.
To get the most out of this course, you should have a basic understanding of cloud computing using Amazon Web Services.
You should also know how to create relational databases using Amazon RDS.
If you have any questions relating to this course, please contact us at firstname.lastname@example.org.
We start off our CloudFormation template by creating our new secret as previously described.
Then we add the database that we want to create. We will be building a small MySQL RDS database, using the username and password from the Secrets Manager secret created above, which are dynamically referenced. As you will remember, the password is randomly generated at runtime, which provides that extra layer of security.
We do have to circle back and update the properties of our newly created secret, so it understands we are dealing with an RDS database. This allows us to have our keys automatically rotated for us.
Finally, we will want to schedule the keys to do the actual rotation every 30 days. One interesting side note is that the keys will rotate immediately in order to prove this functionality is configured correctly. Further rotations will occur on whatever schedule you have programmed in. You will have to create the Lambda function that does the actual rotation and put its ARN below.
Here is a link to an AWS sample written in Python:
And with all of that combined together into one CloudFormation template, you will have the ability to automatically deploy an RDS database with a random password that is automatically rotated every 30 days.
If your developers or applications ever need access to that password, you can configure their IAM permissions or roles to enable access.
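The four pieces described above, combined into one CloudFormation template as an added example (this is not the course's own template). The logical resource names, the `dbadmin` username, the instance class and storage size, and the `RotationLambdaArn` parameter are assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - MySQL RDS instance with a generated, rotated credential

Parameters:
  RotationLambdaArn:            # assumption: you created this function separately
    Type: String
    Description: ARN of the Lambda function that performs the rotation

Resources:
  # 1. The secret. The username is fixed; the password is generated at deploy
  #    time, so it never appears in the template or in a parameter.
  DbSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Description: Master credentials for the example MySQL instance
      GenerateSecretString:
        SecretStringTemplate: '{"username": "dbadmin"}'
        GenerateStringKey: password
        PasswordLength: 32
        ExcludeCharacters: '"@/\'   # characters RDS rejects in a master password

  # 2. The database. Both credentials are dynamic references to the secret.
  Db:
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: mysql
      DBInstanceClass: db.t3.micro
      AllocatedStorage: "20"
      PubliclyAccessible: false
      MasterUsername: !Sub "{{resolve:secretsmanager:${DbSecret}:SecretString:username}}"
      MasterUserPassword: !Sub "{{resolve:secretsmanager:${DbSecret}:SecretString:password}}"

  # 3. Circle back: attach the secret to the instance so it also records the
  #    engine, host and port that the rotation function needs.
  DbSecretAttachment:
    Type: AWS::SecretsManager::SecretTargetAttachment
    Properties:
      SecretId: !Ref DbSecret
      TargetId: !Ref Db
      TargetType: AWS::RDS::DBInstance

  # 4. Rotate every 30 days. The first rotation runs as soon as this is created.
  DbSecretRotation:
    Type: AWS::SecretsManager::RotationSchedule
    DependsOn: DbSecretAttachment   # rotation needs the connection details first
    Properties:
      SecretId: !Ref DbSecret
      RotationLambdaARN: !Ref RotationLambdaArn
      RotationRules:
        AutomaticallyAfterDays: 30
```

The rotation function must also allow `secretsmanager.amazonaws.com` to invoke it and must be able to reach the database over the network, otherwise the immediate first rotation fails.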
William Meadows is a passionately curious human currently living in the Bay Area in California. His career has included working with lasers, teaching teenagers how to code, and creating classes about cloud technology that are taught all over the world. His dedication to completing goals and helping others is what brings meaning to his life. In his free time, he enjoys reading Reddit, playing video games, and writing books.