how to Rotate secrets for aurora instance ,ysql/postgresql

Question

How to rotate secrets(credentials) for Aurora mysql.postgresql using cloudformation. In the documentation, i see only its specified for RDS databases.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-rotationschedule.html

Answer

Hi,

Have a look the complete CFN teample at https://github.com/aws-samples/aws-aurora-cloudformation-samples/blob/master/cftemplates/Aurora-Postgres-DB-Cluster.yml

It contains the full details for all resources. The section of interest for you is:

```
AuroraSecretRotationSchedule:
    Condition: IsNotUseDBSnapshot
    Type: AWS::SecretsManager::RotationSchedule
    DependsOn:
      - SecretAuroraClusterAttachment
      - AuroraDBFirstInstance
    Properties:
      SecretId: !Ref AuroraMasterSecret
      RotationLambdaARN: !GetAtt CreateSecretRotationLambdaFnTrigger.SecretRotationLambdaARN
      RotationRules:
        AutomaticallyAfterDays: 30
```

Best,

Didier

how to Rotate secrets for aurora instance ,ysql/postgresql

相關內容