By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Best practice of secrets rotation on multi region database

0

Customer uses aurora global table on multi region and their configuration is Active-Active. They use Aurora global table. Customer wants to rotate their secrets for Aurora and wants to know best practices how to implement that. Their application also sit in two regions, the app connects the database instance which is in same region when both region are alive. There is a blog post which explains how to setup secrets manager for Active-Standby configuration. But my customer wants to implement ACTIVE-ACTIVE configuration.
Is there any best practices and tips for using Secrets Manager with ACTIVE-ACTIVE database configuration?

Topics
AnalyticsDatabaseSecurity, Identity, & Compliance
Tags
Amazon AuroraAWS Secrets Manager
Language
English
MODERATOR
AWS-User-3635684
asked 3 years ago446 views
1 Answer
0
Accepted Answer

Quick clarification... When you say "Active-Active", Aurora doesn't support active writer nodes in multiple regions at the same time with its' "Global Database" feature. There can be only one writer node in the primary region although secondary regions can all have many active reader nodes.

With respect to secrets, Secrets Manager now support multi-region secrets natively. See the docs here. Like Aurora, there is a primary region for the secrets which are then replicated to the secondary regions. This is now the preferred approach and architecturally similar to Aurora's.

AWS
PThawley
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content