May 28, 2020 / Nirav Shah
This post covers AWS Secrets Manager: what the service does, why you would need it, and how you can use it.
<strong><i>So what is AWS Secrets Manager?</i></strong>
AWS Secrets Manager protects your applications, services and IT resources. Using Secrets Manager, you can secure and manage secrets used to access resources in the AWS Cloud, on third-party services, and on-premises.
To learn more, please visit the link below:
<a class="linkcolor" href="https://pages.awscloud.com/Getting-to-Know-AWS-Secrets-Manager_1014-SID_OD.html" target="_blank" rel="noopener">https://pages.awscloud.com/Getting-to-Know-AWS-Secrets-Manager_1014-SID_OD.html</a>
Let’s look at some key features of the service:
<ul class="listing">
<li>Rotate secrets safely</li>
<li>Built-in integrations, extensible with Lambda</li>
<li>On-demand or automatic rotation with versioning</li>
<li>Fine-grained access policies</li>
<li>Encrypted storage</li>
<li>Monitor and audit easily</li>
</ul>
<strong><i>Why should I use AWS Secrets Manager?</i></strong>
AWS Secrets Manager protects access to your applications, services, and IT resources, without the upfront investment and ongoing maintenance costs of operating your own infrastructure.
Please refer to the link below to implement it on your own; it’s easy:
<a class="linkcolor" href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/managing-secrets.html" target="_blank" rel="noopener">https://docs.aws.amazon.com/secretsmanager/latest/userguide/managing-secrets.html</a>
<strong><i>What is Secret Rotation?</i></strong>
AWS Secrets Manager can rotate your secrets on a schedule. For instance, you can change your database password every 10 days, which limits how long a leaked password remains usable.
Secret rotation is handled through Lambda functions. AWS provides built-in Lambda functions for rotating Amazon RDS passwords. Because rotation is handled by Lambda functions, any secret can be rotated as long as a Lambda function can be written to do it.
There are two types of rotation:
<ol class="listing">
<li>Self-rotation.</li>
<li>Master/user rotation.</li>
</ol>
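The sketch below is an added example, not code from the original post or from AWS. It shows the four steps Secrets Manager passes to a rotation Lambda (createSecret, setSecret, testSecret, finishSecret) and how the AWSPENDING and AWSCURRENT staging labels move between versions. The names `rotate_step`, `apply_to_target` and `verify_on_target` are hypothetical, and the secret is assumed to be a JSON object with a `password` field.

```python
import json
import secrets


def rotate_step(client, event, apply_to_target, verify_on_target):
    """Handle one rotation invocation.

    client: a Secrets Manager client; inside Lambda the handler would pass
            boto3.client("secretsmanager") together with the incoming event.
    apply_to_target / verify_on_target: hypothetical callbacks that change and
            then test the credential on the system the secret protects.
    """
    arn, token, step = event["SecretId"], event["ClientRequestToken"], event["Step"]
    stages = client.describe_secret(SecretId=arn)["VersionIdsToStages"]
    if token not in stages:
        raise ValueError("request token is not a version of this secret")
    if "AWSCURRENT" in stages[token]:
        return "already-current"  # rotation already finished; a retry is a no-op
    if "AWSPENDING" not in stages[token]:
        raise ValueError("version is not staged as AWSPENDING")

    if step == "createSecret":
        current = json.loads(client.get_secret_value(
            SecretId=arn, VersionStage="AWSCURRENT")["SecretString"])
        try:  # idempotent: keep the pending value if an earlier attempt stored one
            client.get_secret_value(SecretId=arn, VersionId=token,
                                    VersionStage="AWSPENDING")
        except client.exceptions.ResourceNotFoundException:
            current["password"] = secrets.token_urlsafe(32)
            client.put_secret_value(SecretId=arn, ClientRequestToken=token,
                                    SecretString=json.dumps(current),
                                    VersionStages=["AWSPENDING"])
    elif step in ("setSecret", "testSecret"):
        pending = json.loads(client.get_secret_value(
            SecretId=arn, VersionId=token,
            VersionStage="AWSPENDING")["SecretString"])
        (apply_to_target if step == "setSecret" else verify_on_target)(pending)
    elif step == "finishSecret":
        # Promote the tested version; applications reading AWSCURRENT now get it.
        old = next(v for v, s in stages.items() if "AWSCURRENT" in s)
        client.update_secret_version_stage(SecretId=arn, VersionStage="AWSCURRENT",
                                           MoveToVersionId=token,
                                           RemoveFromVersionId=old)
    else:
        raise ValueError(f"unknown rotation step: {step}")
    return step
```

Because the new value only becomes AWSCURRENT in the last step, a failure in setSecret or testSecret leaves applications on the old, still valid credential.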
Let’s take a look at some use cases:
<ul class="listing">
<li>Managing secrets on the services which are currently integrated, e.g. MySQL, PostgreSQL, Amazon Aurora and RDS.</li>
<li>Storing, retrieving and rotating secret keys shared between different AWS resources in an account.</li>
<li>Storing, retrieving and rotating secrets at scale in an AWS environment, with IAM policies to control access to secrets.</li>
</ul>
<strong>Costing:</strong>
<ul class="listing">
<li>$0.40 per secret per month (prorated based on the number of hours)</li>
<li>$0.05 per 10,000 API calls</li>
<li>A 30-day trial is currently available.</li>
<li>Cost of Lambda API calls (if applicable)</li>
</ul>
<strong>Other Cost:</strong> Operational Cost/Capital Cost of updating all the application code to start using this service.
<strong>Conclusion:</strong>
If you’re looking for automation and innovation, AWS Secrets Manager is an exciting new service. Basically, AWS Secrets Manager acts like a security engineer, providing multiple ways to maintain and manage secrets automatically. So what are you waiting for? It’s time to start redistributing your security tasks to AWS Secrets Manager.

Nirav Shah is the Director of Eternal Web Pvt Ltd, an AWS Advanced Consulting Partner and certified Odoo Partner based in the UK. With over a decade of experience in cloud computing, digital transformation, and ERP implementation, Nirav helps enterprises adopt the right technology to solve complex business challenges. He specialises in AWS infrastructure, Odoo ERP, and web development solutions for businesses across the UK and beyond.