Paul Duvall edited this page Nov 11, 2019 · 26 revisions

2.2 AWS Secrets Manager

Review and ensure that you have set up your development environment before going through the steps below.

Create an RDS Database

mkdir ~/environment/ceoa
cd ~/environment/ceoa
touch ceoa-2-rds.yml

Copy the contents below into the file and save it.

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  MyDB:
    Type: "AWS::RDS::DBInstance"
    Properties:
      AllocatedStorage: "100"
      DBInstanceClass: db.t3.small
      Engine: MySQL
      EngineVersion: "5.7.22"
      Iops: "1000"
      # Master credentials are placed inline here; the rest of this lesson moves them into AWS Secrets Manager.
      MasterUserPassword: "password"
      MasterUsername: "username"

Copy the CloudFormation CLI command below to launch the stack that creates an RDS database. This may take up to 10 minutes.

aws cloudformation create-stack --stack-name ceoa-2-rds --template-body file:///home/ec2-user/environment/ceoa/ceoa-2-rds.yml --capabilities CAPABILITY_NAMED_IAM --disable-rollback

Create a Secret in AWS Secrets Manager

  1. Go to the Secrets Manager Console.
  2. Click Secrets and click the Store a new secret button.
  3. Click on the Other type of secrets radio button.
  4. Enter bfranklin for the User name text field.
  5. Enter F@under0fTheUSA for the Password text field.
  6. Click the Next button.
  7. Enter a Secret name and description on the Secret name and description page and click Next.
  8. On the Configure automatic rotation page, select the following radio buttons: Enable automatic rotation, Create a new Lambda function to perform rotation, and Use this secret.
  9. Enter rds-rotation-lambda as the New AWS Lambda function name.
  10. Click the Next button.
  11. On the Review page, select the Python3 tab and copy the code sample to use later.
  12. Click the Store button.
  13. You will receive a message that looks similar to this: Your secret 'RDSCreds' has been successfully stored and rotation is being configured. Stay on this page. This can take up to 2 minutes to complete.
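With the RDSCreds secret stored, the template above no longer needs its inline master credentials. The script below is an added example (not part of the original lesson or the workshop repository): it places the page's template beside a version that pulls both values from RDSCreds through CloudFormation dynamic references, and runs a small check that flags any credential property still holding a literal value. It assumes the secret's JSON keys are named username and password.

```python
import re

# The template from this lesson (constructed copy), with the master credentials inline.
HARDCODED_TEMPLATE = """\
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  MyDB:
    Type: "AWS::RDS::DBInstance"
    Properties:
      AllocatedStorage: "100"
      DBInstanceClass: db.t3.small
      Engine: MySQL
      EngineVersion: "5.7.22"
      Iops: "1000"
      MasterUserPassword: "password"
      MasterUsername: "username"
"""

# Same template, but CloudFormation resolves both values from the RDSCreds secret
# at deploy time (assumption: the secret's JSON keys are "username" and "password").
SECRETS_MANAGER_TEMPLATE = HARDCODED_TEMPLATE.replace(
    'MasterUserPassword: "password"',
    'MasterUserPassword: "{{resolve:secretsmanager:RDSCreds:SecretString:password}}"',
).replace(
    'MasterUsername: "username"',
    'MasterUsername: "{{resolve:secretsmanager:RDSCreds:SecretString:username}}"',
)

# RDS properties that should never carry a literal in a committed template.
CREDENTIAL_PROPERTIES = ("MasterUserPassword", "MasterUsername")
# A value is acceptable only if it is a Secrets Manager or SSM SecureString dynamic reference.
DYNAMIC_REF = re.compile(r"^\{\{resolve:(secretsmanager|ssm-secure):[^}]+\}\}$")
PROP_LINE = re.compile(r"^\s*(?P<key>\w+):\s*(?P<value>.+?)\s*$")


def find_hardcoded_credentials(template_text):
    """Return (line_number, property, value) for every credential property whose
    value is a literal rather than a dynamic reference."""
    findings = []
    for lineno, line in enumerate(template_text.splitlines(), start=1):
        m = PROP_LINE.match(line)
        if not m or m.group("key") not in CREDENTIAL_PROPERTIES:
            continue
        value = m.group("value").strip("\"'")
        if not DYNAMIC_REF.match(value):
            findings.append((lineno, m.group("key"), value))
    return findings
```

Running find_hardcoded_credentials over the lesson's template reports both inline values, while the dynamic-reference version reports none.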

Additional Resources

https://raw.githubusercontent.com/PaulDuvall/aws-compliance-workshop/master/lesson6-continuous/rds.yml
