Difference between revisions of "AWS Secrets Manager"
Jump to navigation
Jump to search
↑ https://aws.amazon.com/about-aws/whats-new/2018/04/introducing-aws-secrets-manager/
| (2 intermediate revisions by the same user not shown) | |||
| Line 44: | Line 44: | ||
* <code>[[secrets =]]</code> | * <code>[[secrets =]]</code> | ||
* [[AWS Lambda]] | * [[AWS Lambda]] | ||
| + | * [[AWSSecretsManagerReadWriteAccess managed policy]] | ||
| + | * [[AWS managed policy for AWS Secrets Manager]] | ||
== Activities == | == Activities == | ||
| Line 53: | Line 55: | ||
* [https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_rotation-single.html Set up single user rotation for AWS Secrets Manager] | * [https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_rotation-single.html Set up single user rotation for AWS Secrets Manager] | ||
* [https://docs.aws.amazon.com/secretsmanager/latest/userguide/cfn-example_secret.html Create an AWS Secrets Manager secret with AWS CloudFormation] | * [https://docs.aws.amazon.com/secretsmanager/latest/userguide/cfn-example_secret.html Create an AWS Secrets Manager secret with AWS CloudFormation] | ||
| + | * [[Rotate Amazon RDS database credentials automatically with AWS Secrets Manager]] | ||
== See also == | == See also == | ||
Latest revision as of 13:41, 30 August 2024
wikipedia:AWS Secrets Manager (April 2018) [1]
- Homepage: https://aws.amazon.com/secrets-manager/
- Free tier: 30 days
Secrets rotation featured:
- Amazon Aurora on Amazon RDS
- MySQL on Amazon RDS
- PostgreSQL on Amazon RDS
- Oracle on Amazon RDS
- MariaDB on Amazon RDS
- Microsoft SQL Server on Amazon RDS
Contents
Secret Types[edit]
- AWS credentials: AWS Identity and Access Management (IAM)
- Encryption keys: KMS
- SSH keys
- Private keys and certificates
Automatic Rotation[edit]
- Granular control: Define custom rotation schedules (e.g., daily, weekly).
- Integration with AWS Lambda: Automate tasks during rotation, such as notifying admins or updating dependent systems.
Fine-grained Access Control[edit]
- IAM policies: Define granular permissions for different users and applications(e.g., view only vs. read/write).
- Secret versions: Maintain a history of past versions.
Audit and Monitor Secrets Usage[edit]
- Integration with AWS CloudTrail: Logs API calls to Secrets Manager, eg:
GetSecretValue - CloudWatch integration
Related terms[edit]
- Private key
- AWS Manage policy:
- AWS Config
- AWS CloudFormation
- AWS Systems Manager Parameter Store (Dec 2016)
- AWS Fargate
- Terraform resource: aws_secretsmanager_secret
- Terraform resource:
aws_secretsmanager_secret_version - Terraform secretsmanager
secrets =- AWS Lambda
- AWSSecretsManagerReadWriteAccess managed policy
- AWS managed policy for AWS Secrets Manager
Activities[edit]
- Read https://aws.amazon.com/secrets-manager/faqs/
- Read Fargate with Secret Manager https://awscloudsecvirtualevent.com/workshops/module4/fargate/
- Move hardcoded secrets to AWS Secrets Manager
- Move hardcoded database credentials to AWS Secrets Manager
- Set up alternating users rotation for AWS Secrets Manager
- Set up single user rotation for AWS Secrets Manager
- Create an AWS Secrets Manager secret with AWS CloudFormation
- Rotate Amazon RDS database credentials automatically with AWS Secrets Manager
See also[edit]
- AWS Secrets Manager:
aws secretsmanager[create-secret | list-secrets|get-secret-value | get-random-password ], arn:aws:secretmanager - AWS Secrets Manager, AWSSecretsManagerReadWriteAccess managed policy
- Secrets: Kubernetes secrets,
ansible-vault, Hashicorp Vault, AWS Secrets Manager, Google Secret Manager,git-crypt, SOPS: Secrets OPerationS, Google Cloud Secret Manager, GitHub secret scanning alerts
Advertising:
