Adding the InfluxDB Single and Multi-user Secret Rotation Lambda functions #140
Open: forestmvey wants to merge 11 commits into aws-samples:master from Bit-Quill:influxdb-secret-rotation-lambdas
* Adding the InfluxDB Single and Multi-user Secret Rotation Lambdas. Signed-off-by: forestmvey <forestv@bitquilltech.com>
* Updating deployment package path to parent directory. Signed-off-by: forestmvey <forestv@bitquilltech.com>
* Fix typos in README. Signed-off-by: forestmvey <forestv@bitquilltech.com>
* Fix formatting and removing not used variables. Signed-off-by: forestmvey <forestv@bitquilltech.com>
---------
Signed-off-by: forestmvey <forestv@bitquilltech.com>
Signed-off-by: forestmvey <forestv@bitquilltech.com>
…r token rotation only and single-user scheme for user password rotation. Signed-off-by: forestmvey <forestv@bitquilltech.com>
…se styling. Signed-off-by: forestmvey <forestv@bitquilltech.com>
Signed-off-by: forestmvey <forestv@bitquilltech.com>
Signed-off-by: forestmvey <forestv@bitquilltech.com>
…set_secret step for confused deputy checks Signed-off-by: forestmvey <forestv@bitquilltech.com>
…ing current token copying functionality for the multi-user rotator. Signed-off-by: forestmvey <forestv@bitquilltech.com>
…ssions for the multi-user rotator. Signed-off-by: forestmvey <forestv@bitquilltech.com>
…okens in a catch statement and re-throw exception. Signed-off-by: forestmvey <forestv@bitquilltech.com>
…rvices. Signed-off-by: forestmvey <forestv@bitquilltech.com>
Issue #, if available:
N/A
Description of changes:
The InfluxDB Single and Multi-user Secret Rotation Lambdas enable the automatic rotation for users and tokens with Timestream for InfluxDB. The Multi-user rotation lambda uses an admin authenticated session to rotate another token's credentials. The Single-user rotation lambda rotates their own authenticated session to update a user password with a new random password.

InfluxDB best practice for access management is to use users to create tokens for fine-grained access control within an organization. User permissions are scoped to `allAccess` within an organization and tokens can have any set of permissions. Use the multi-user variant for managing token rotation and use the single-user variant for rotating user credentials.

The Timestream for InfluxDB endpoint is retrieved through get_db_instance. In the case of the Multi-user rotator the authenticated client performing the rotation is the influxAuthParametersSecretArn that is created on DB initialization.

Validations:
Linting
single-user tests
multi-user tests
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
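
The single-user and multi-user schemes described above differ in which credentials perform the change. The following is an added example, not code from this pull request: it shows the Secrets Manager staging-label pre-check and the choice of authenticating secret. The function names, the `dbIdentifier` field and the form of the confused-deputy guard are assumptions.

```python
# Added example; names and secret fields are hypothetical, not the PR's schema.
class RotationError(Exception):
    """Raised when a rotation request must be refused."""

def pending_version_ready(metadata, token):
    """Check describe_secret-style metadata before running any rotation step.

    False: version is already AWSCURRENT (nothing to do).
    True: version is staged AWSPENDING. Anything else is refused.
    """
    if not metadata.get("RotationEnabled"):
        raise RotationError("rotation is not enabled for this secret")
    stages = metadata.get("VersionIdsToStages", {}).get(token)
    if stages is None:
        raise RotationError("request token matches no version of this secret")
    if "AWSCURRENT" in stages:
        return False
    if "AWSPENDING" not in stages:
        raise RotationError("version is not staged as AWSPENDING")
    return True

def authenticating_secret(scheme, target, admin=None):
    """Return the secret whose credentials perform the change."""
    if scheme == "single-user":
        return target  # the user updates its own password
    if scheme == "multi-user":
        if admin is None:
            raise RotationError("multi-user rotation needs an admin secret")
        # Confused-deputy guard (assumed form): the admin credentials may only
        # act on the DB instance that the rotated secret itself names.
        if admin.get("dbIdentifier") != target.get("dbIdentifier"):
            raise RotationError("admin secret belongs to a different DB instance")
        return admin
    raise RotationError("unknown rotation scheme: %r" % scheme)

def refuses(fn, *args):
    """True when fn(*args) is rejected with RotationError."""
    try:
        fn(*args)
    except RotationError:
        return True
    return False

# Constructed sample data, for illustration only.
SAMPLE_METADATA = {"RotationEnabled": True,
                   "VersionIdsToStages": {"v1": ["AWSCURRENT"], "v2": ["AWSPENDING"]}}
USER_SECRET = {"dbIdentifier": "db-a", "username": "app-user"}
TOKEN_SECRET = {"dbIdentifier": "db-a", "token": "constructed-token"}
ADMIN_SECRET = {"dbIdentifier": "db-a", "username": "admin"}
OTHER_ADMIN = {"dbIdentifier": "db-b", "username": "admin"}
```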