Difference between revisions of "AWS Secrets Manager"
Jump to navigation
Jump to search
↑ https://aws.amazon.com/about-aws/whats-new/2018/04/introducing-aws-secrets-manager/
(Created page with " == See also == * {{AWS}} Category:AWS") Tags: Mobile web edit, Mobile edit |
|||
(66 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
+ | [[wikipedia:AWS Secrets Manager]] ([[AWS timeline|April 2018]]) <ref>https://aws.amazon.com/about-aws/whats-new/2018/04/introducing-aws-secrets-manager/</ref>. https://aws.amazon.com/secrets-manager/ | ||
+ | * [[Free tier]]: 30 days | ||
+ | == [[Secret rotation]] == | ||
+ | * [[Amazon Aurora]] on Amazon RDS | ||
+ | * [[MySQL]] on Amazon RDS | ||
+ | * [[PostgreSQL]] on Amazon RDS | ||
+ | * [[Oracle]] on Amazon RDS | ||
+ | * [[MariaDB]] on Amazon RDS | ||
+ | * [[Microsoft SQL Server]] on Amazon RDS | ||
+ | |||
+ | === Secret Types === | ||
+ | * [[AWS credentials]]: AWS Identity and Access Management ([[IAM]]) | ||
+ | * [[Encryption]] keys: [[KMS]] | ||
+ | * [[SSH]] keys | ||
+ | * [[Private keys]] and [[certificates]] | ||
+ | |||
+ | === Automatic Rotation === | ||
+ | * [[Granular control]]: Define custom rotation schedules (e.g., daily, weekly). | ||
+ | * Integration with [[AWS Lambda]]: Automate tasks during rotation, such as notifying admins or updating dependent systems. | ||
+ | |||
+ | === Fine-grained Access Control === | ||
+ | * [[IAM policies]]: Define granular permissions for different users and applications(e.g., view only vs. read/write). | ||
+ | * [[Secret versions]]: Maintain a history of past versions. | ||
+ | |||
+ | === Audit and Monitor Secrets Usage === | ||
+ | * Integration with [[AWS CloudTrail]]: Logs API calls to Secrets Manager, eg: <code>[[GetSecretValue]]</code> | ||
+ | * [[CloudWatch]] integration | ||
+ | |||
+ | == Related terms == | ||
+ | * [[Private key]] | ||
+ | * AWS Manage policy: | ||
+ | ** <code>[[SecretsManagerReadWrite]]</code> | ||
+ | ** <code>[[secretsmanager:GetSecretValue]]</code> | ||
+ | * [[AWS Config]] | ||
+ | * [[AWS CloudFormation]] | ||
+ | * [[AWS Systems Manager Parameter Store]] (Dec 2016) | ||
+ | * [[AWS Fargate]] | ||
+ | * [[Terraform resource: aws_secretsmanager_secret]] | ||
+ | * Terraform resource: <code>[[aws_secretsmanager_secret_version]]</code> | ||
+ | * [[Terraform secretsmanager]] | ||
+ | * <code>[[secrets =]]</code> | ||
+ | * [[AWS Lambda]] | ||
+ | * [[AWSSecretsManagerReadWriteAccess managed policy]] | ||
+ | * [[AWS managed policy for AWS Secrets Manager]] | ||
+ | |||
+ | == Activities == | ||
+ | * Read https://aws.amazon.com/secrets-manager/faqs/ | ||
+ | * Read Fargate with [[Secret Manager]] https://awscloudsecvirtualevent.com/workshops/module4/fargate/ | ||
+ | * [https://docs.aws.amazon.com/secretsmanager/latest/userguide/hardcoded.html Move hardcoded secrets to AWS Secrets Manager] | ||
+ | * [https://docs.aws.amazon.com/secretsmanager/latest/userguide/hardcoded-db-creds.html Move hardcoded database credentials to AWS Secrets Manager] | ||
+ | * [https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_rotation-alternating.html Set up alternating users rotation for AWS Secrets Manager] | ||
+ | * [https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_rotation-single.html Set up single user rotation for AWS Secrets Manager] | ||
+ | * [https://docs.aws.amazon.com/secretsmanager/latest/userguide/cfn-example_secret.html Create an AWS Secrets Manager secret with AWS CloudFormation] | ||
+ | * [[Rotate Amazon RDS database credentials automatically with AWS Secrets Manager]] | ||
== See also == | == See also == | ||
− | * {{AWS}} | + | * {{aws secretsmanager}} |
+ | * {{AWS Secrets Manager}} | ||
[[Category:AWS]] | [[Category:AWS]] |
Latest revision as of 20:40, 21 October 2024
wikipedia:AWS Secrets Manager (April 2018) [1]. https://aws.amazon.com/secrets-manager/
- Free tier: 30 days
Contents
Secret rotation[edit]
- Amazon Aurora on Amazon RDS
- MySQL on Amazon RDS
- PostgreSQL on Amazon RDS
- Oracle on Amazon RDS
- MariaDB on Amazon RDS
- Microsoft SQL Server on Amazon RDS
Secret Types[edit]
- AWS credentials: AWS Identity and Access Management (IAM)
- Encryption keys: KMS
- SSH keys
- Private keys and certificates
Automatic Rotation[edit]
- Granular control: Define custom rotation schedules (e.g., daily, weekly).
- Integration with AWS Lambda: Automate tasks during rotation, such as notifying admins or updating dependent systems.
Fine-grained Access Control[edit]
- IAM policies: Define granular permissions for different users and applications(e.g., view only vs. read/write).
- Secret versions: Maintain a history of past versions.
Audit and Monitor Secrets Usage[edit]
- Integration with AWS CloudTrail: Logs API calls to Secrets Manager, eg:
GetSecretValue
- CloudWatch integration
Related terms[edit]
- Private key
- AWS Manage policy:
- AWS Config
- AWS CloudFormation
- AWS Systems Manager Parameter Store (Dec 2016)
- AWS Fargate
- Terraform resource: aws_secretsmanager_secret
- Terraform resource:
aws_secretsmanager_secret_version
- Terraform secretsmanager
secrets =
- AWS Lambda
- AWSSecretsManagerReadWriteAccess managed policy
- AWS managed policy for AWS Secrets Manager
Activities[edit]
- Read https://aws.amazon.com/secrets-manager/faqs/
- Read Fargate with Secret Manager https://awscloudsecvirtualevent.com/workshops/module4/fargate/
- Move hardcoded secrets to AWS Secrets Manager
- Move hardcoded database credentials to AWS Secrets Manager
- Set up alternating users rotation for AWS Secrets Manager
- Set up single user rotation for AWS Secrets Manager
- Create an AWS Secrets Manager secret with AWS CloudFormation
- Rotate Amazon RDS database credentials automatically with AWS Secrets Manager
See also[edit]
- AWS Secrets Manager:
aws secretsmanager
[create-secret | list-secrets
|get-secret-value | get-random-password ], arn:aws:secretmanager
- AWS Secrets Manager, AWSSecretsManagerReadWriteAccess managed policy
Advertising: