A step-by-step guide to using AWS Secrets Manager to store a new password with RDS
1. In the AWS Console search bar, enter Secrets Manager, and click the Secrets Manager result under Services.
2. Click on Store a new secret
3. For the secret type, choose Credentials for Amazon RDS Database
4. Update the credentials information with the current username and password
6. The next step is to choose the RDS database and click Next
7. Enter a secret name – prod/webapp/auroradb and add a description to identify the secret name if needed
8. If needed change the resource permissions to share secrets across accounts (usually this step is not needed)
Note that not all regions are supported at the moment
10. Click next to continue
11. The next step is to enable automatic rotation and choose the rotation interval in days. Depending on the security requirements, the value can vary from 1 day up to 1 year
12. In my case, I had already created a Lambda function, which I downloaded from
https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/blob/master/SecretsManagerRDSMySQLRotationMultiUser/lambda_function.py
For a different RDS instance, refer to https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas
So I selected the option to use a rotation function from your account and then clicked Save
13. Once saved, the rotation configuration should show as Enabled with the respective interval
14. To retrieve the secret value, click Retrieve secret value
On the client side, code is required to retrieve the username and password from Secrets Manager. In the sample code section, choose the language you need.
This is required before establishing the connection to the database.
For another language such as .NET, a NuGet package exists and you may need to download the AWS SDK for .NET
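The client-side retrieval described above could look like the following in Python. This is an added example, not the console's generated sample code or the author's code: it assumes boto3 and the secret name from step 7, and the `SecretCache` and `parse_rds_secret` names and the sample secret are constructed for illustration. It caches the secret briefly so a rotated password is picked up, and keeps the password out of printed output.

```python
import json
import time
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the JSON shape Secrets Manager stores for an RDS secret.
SAMPLE_SECRET = ('{"engine": "mysql", "host": "db.example.internal", "port": 3306, '
                 '"username": "webapp", "password": "constructed-pw-1", "dbname": "app"}')

@dataclass(frozen=True)
class DbCredentials:
    username: str
    password: str = field(repr=False)  # keep the password out of logs and tracebacks
    host: str
    port: int
    dbname: Optional[str]

def parse_rds_secret(secret_string):
    data = json.loads(secret_string)
    missing = [k for k in ("username", "password", "host") if not data.get(k)]
    if missing:
        raise ValueError(f"secret is missing fields: {missing}")  # names only, never values
    # Port 3306 is an assumed default for the MySQL case used in this guide.
    return DbCredentials(data["username"], data["password"], data["host"],
                         int(data.get("port", 3306)), data.get("dbname"))

class SecretCache:
    """Caches the secret briefly so a rotated password is picked up without a redeploy."""
    def __init__(self, secret_id, client=None, ttl_seconds=300, clock=time.monotonic):
        if client is None:
            import boto3  # lazy import; needs AWS credentials and a region configured
            client = boto3.client("secretsmanager")
        self._client, self._secret_id = client, secret_id
        self._ttl, self._clock = ttl_seconds, clock
        self._cached, self._expires = None, 0.0

    def get(self, force_refresh=False):
        # Call with force_refresh=True after a database authentication failure:
        # the cached password may have been rotated since it was fetched.
        if force_refresh or self._cached is None or self._clock() >= self._expires:
            resp = self._client.get_secret_value(
                SecretId=self._secret_id, VersionStage="AWSCURRENT")
            self._cached = parse_rds_secret(resp["SecretString"])
            self._expires = self._clock() + self._ttl
        return self._cached

if __name__ == "__main__":
    print(parse_rds_secret(SAMPLE_SECRET))  # repr omits the password
```

In an application, create one `SecretCache("prod/webapp/auroradb")` at startup and call `get()` each time a new database connection is opened.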