Adding the InfluxDB Single and Multi-user Secret Rotation Lambda functions #140
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Adding the InfluxDB Single and Multi-user Secret Rotation Lambdas. Signed-off-by: forestmvey <forestv@bitquilltech.com> * Updating deployment package path to parent directory. Signed-off-by: forestmvey <forestv@bitquilltech.com> * Fix typos in README. Signed-off-by: forestmvey <forestv@bitquilltech.com> * Fix formatting and removing not used variables. Signed-off-by: forestmvey <forestv@bitquilltech.com> --------- Signed-off-by: forestmvey <forestv@bitquilltech.com>
Signed-off-by: forestmvey <forestv@bitquilltech.com>
…r token rotation only and single-user scheme for user password rotation. Signed-off-by: forestmvey <forestv@bitquilltech.com>
…se styling. Signed-off-by: forestmvey <forestv@bitquilltech.com>
Signed-off-by: forestmvey <forestv@bitquilltech.com>
Signed-off-by: forestmvey <forestv@bitquilltech.com>
…set_secret step for confused deputy checks Signed-off-by: forestmvey <forestv@bitquilltech.com>
…ing current token copying functionality for the multi-user rotator. Signed-off-by: forestmvey <forestv@bitquilltech.com>
…ssions for the multi-user rotator. Signed-off-by: forestmvey <forestv@bitquilltech.com>
…okens in a catch statement and re-throw exception. Signed-off-by: forestmvey <forestv@bitquilltech.com>
…rvices. Signed-off-by: forestmvey <forestv@bitquilltech.com>
forestmvey
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue #, if available:
N/A
Description of changes:
The InfluxDB Single and Multi-user Secret Rotation Lambdas enables the automatic rotation for users and tokens with
Timestream for InfluxDB. The Multi-user rotation lambda uses an admin authenticated session to rotate another token credentials. The Single-user rotation lambda rotates their own authenticated session to update a user password with a new random password.InfluxDB best practice for access management is to use users to create tokens for fine grain access control within an organization. Users permissions are scoped to
allAccesswithin an organization and tokens can have any set of permissions. Use the multi-user variant for managing token rotation and use the single-user variant for rotating user credentials.The
Timestream for InfluxDBendpoint is retrieved through get_db_instance. In the case of the Multi-user rotator the authenticated client performing the rotation is the influxAuthParametersSecretArn that is created on DB initialization.Validations:
Linting
single-user tests
multi-user tests
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.