-
Notifications
You must be signed in to change notification settings - Fork 25
2.2
Paul Duvall edited this page Nov 13, 2019
·
26 revisions
Review and ensure that you have setup your development environment before going through the steps below.
mkdir ~/environment/ceoa
cd ~/environment/ceoa
touch ceoa-2-rds.yml
Copy the contents below into the file and save it.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
MyDB:
Type: "AWS::RDS::DBInstance"
Properties:
AllocatedStorage: "100"
DBInstanceClass: db.t3.small
Engine: MySQL
EngineVersion: "Z.7.22"
Iops: "1000"
MasterUserPassword: "password"
MasterUsername: "username"
Copy the CloudFormation CLI command below to launch the stack that creates an RDS database. This may take up to 10 minutes.
aws cloudformation create-stack --stack-name ceoa-2-rds --template-body file:///home/ec2-user/environment/ceoa/rds.yml --capabilities CAPABILITY_NAMED_IAM --disable-rollback
- Go to the Secrets Manager Console.
- Click Secrets and click the Store a new secret button.
- Click on the Other type of secrets radio button.
- Enter
bfranklinfor the User name text field. - Enter
F@under0fTheUSAfor the Password text field. - Click the Next button.
- Enter a Secret name and description on the Secret name and description page and click Next.
- On the Configure automatic rotation page, select the following radion buttons: Enable automatic rotation, Create a new Lambda function to perform rotation, and Use this secret.
- Enter
rds-rotation-lambdaas the New AWS Lambda function name. - Click the Next button.
- On the Review page, select the Python3 tab and copy the code sample to use later.
- Click the Store button.
- You will receive a message that looks similar to this: Your secret 'RDSCreds' has been successfully stored and rotation is being configured. Stay on this page. This can take up to 2 minutes to complete..
touch ceoa-2-sm-rotation.py
Copy the Python3 example into the file and save the contents. Run the Python program from the Cloud9 terminal to view the results.
python ceoa-2-sm-rotation.py
mysql -h DBIDENTIFIER.us-east-1.rds.amazonaws.com -P 3306 -u username -p
TBD
- https://raw.githubusercontent.com/PaulDuvall/aws-compliance-workshop/master/lesson6-continuous/rds.yml
- https://aws.amazon.com/blogs/security/rotate-amazon-rds-database-credentials-automatically-with-aws-secrets-manager/
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_GettingStarted.CreatingConnecting.MySQL.html
- https://www.ease2code.com/rds-error-2003-hy000-cant-connect-to-mysql-server-10060/
- Introduction
- Labs
- The Current State of Encryption
- Setup Development Environment
- Lesson 1: Automating AWS Resources
- Lesson 2: Key Management
- Lesson 3: Developing with Encryption
- Lesson 4: Encryption in Transit
- Lesson 5: Encryption at Rest
- Lesson 6: Detecting Encrypted Resources
- Lesson 7: Logging and Searching KMS Keys
- Lesson 8: Continuous Encryption
- Summary