Skip to content
hands-on lab

Storing and Rotating RDS Credentials in Secrets Manager

Beginner
1h 45m
6,012
4/5
Start lab
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.
Lab description

AWS Secrets Manager is a fully-managed service for managing sensitive digital credentials. Types of secrets that can be managed with AWS Secrets Manager include keys, passwords, tokens, and certificates. Secrets Manager can be used with other AWS services such as CloudTrail enabling sophisticated auditing and monitoring of secret storage and access.

One of AWS Secrets Manager's key features is the ability to automatically rotate a secret on a schedule. Secrets Manager integrates seamlessly with your existing AWS services, in addition, it can be easily configured to rotate credentials in external or unmanaged services using a custom Lambda function.

In this lab you will store a secret in Secrets Manager, you will update a Python web application to retrieve the secret and, you will enable automatic rotation of the password stored in the secret using Secrets Manager.

Learning Objectives

This is a beginner level lab, upon completion of this lab you will be able to:

  • Create a password in Secrets Manager
  • Update a Python application to fetch your password
  • Enable automatic rotation of your password in Secrets Manager

Intended Audience

  • Database Administrators (DBAs)
  • Cloud Engineers
  • Data Engineers

Prerequisites

You should have a conceptual understanding of databases and secret management

Knowledge of the Python programming language and the Linux command-line will be beneficial but is not required.

The following courses can be used to fulfill the prerequisites:

Updates

August 24th, 2023 - Resolved environment error

October 18th, 2022 - Resolved environment error

May 23, 2022 - Updated screenshots

April 7th, 2022 - Updated screenshots and instructions for accuracy

March 2nd, 2022 - Updated the instructions and screenshots to reflect the latest UI

January 17th, 2022 - Updated screenshot to reflect the latest UI

December 22nd, 2021 - Added warning about VPN interfering with stack creation

December 17th, 2021 - Updated rotation instructions to match the latest user-interface changes

November 2nd, 2021 - Clarified the template designer instructions

September 9th, 2021 - Clarified that the Python script should be indented with spaces

April 5th, 2021 - Updated the AWS CloudFormation step to avoid student network issues by using the designer instead of uploading a template file

July 20th, 2020 - Added a step detailing how to use Secrets Manager with AWS CloudFormation

Environment before
Environment after
About the author
Avatar
Andrew Burchill, opens in a new tab
Labs Developer
Students
66,413
Labs
164
Courses
2
Learning paths
4

Andrew is a Labs Developer with previous experience in the Internet Service Provider, Audio Streaming, and CryptoCurrency industries. He has also been a DevOps Engineer and enjoys working with CI/CD and Kubernetes.

He holds multiple AWS certifications including Solutions Architect Associate and Professional.

Covered topics
Databases
High Availability
Amazon Web Services
Databases for AWS
Amazon Aurora
Lab steps
Logging In to the Amazon Web Services Console
Creating a Secret for RDS in Secrets Manager
Connecting to the Virtual Machine using EC2 Instance Connect
Updating a Python Web Application to Use Secrets Manager
Rotating the RDS Instance Password Using Secrets Manager
Using Secrets Manager with CloudFormation