Ao usar o AWS re:Post, você concorda com os AWS re:Post Termos de uso
AWS re:Postre:Post

Best practice of secrets rotation on multi region database

0

Customer uses aurora global table on multi region and their configuration is Active-Active. They use Aurora global table. Customer wants to rotate their secrets for Aurora and wants to know best practices how to implement that. Their application also sit in two regions, the app connects the database instance which is in same region when both region are alive. There is a blog post which explains how to setup secrets manager for Active-Standby configuration. But my customer wants to implement ACTIVE-ACTIVE configuration.
Is there any best practices and tips for using Secrets Manager with ACTIVE-ACTIVE database configuration?

Tópicos
AnáliseBanco de dadosSegurança, identidade e conformidade
Tags
Amazon AuroraGerenciador do AWS Secrets
Idioma
English
MODERADOR
AWS-User-3635684
feita há 3 anos459 visualizações
1 Resposta
0
Resposta aceita

Quick clarification... When you say "Active-Active", Aurora doesn't support active writer nodes in multiple regions at the same time with its' "Global Database" feature. There can be only one writer node in the primary region although secondary regions can all have many active reader nodes.

With respect to secrets, Secrets Manager now support multi-region secrets natively. See the docs here. Like Aurora, there is a primary region for the secrets which are then replicated to the secondary regions. This is now the preferred approach and architecturally similar to Aurora's.

AWS
PThawley
respondido há 3 anos

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas

Conteúdo relevante