By using AWS re:Post, you agree to the Terms of Use

Best practice of secrets rotation on multi region database


Customer uses aurora global table on multi region and their configuration is Active-Active. They use Aurora global table. Customer wants to rotate their secrets for Aurora and wants to know best practices how to implement that. Their application also sit in two regions, the app connects the database instance which is in same region when both region are alive. There is a blog post which explains how to setup secrets manager for Active-Standby configuration. But my customer wants to implement ACTIVE-ACTIVE configuration.
Is there any best practices and tips for using Secrets Manager with ACTIVE-ACTIVE database configuration?

1 Answer
Accepted Answer

Quick clarification... When you say "Active-Active", Aurora doesn't support active writer nodes in multiple regions at the same time with its' "Global Database" feature. There can be only one writer node in the primary region although secondary regions can all have many active reader nodes.

With respect to secrets, Secrets Manager now support multi-region secrets natively. See the docs here. Like Aurora, there is a primary region for the secrets which are then replicated to the secondary regions. This is now the preferred approach and architecturally similar to Aurora's.

answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions