Posted On: Nov 25, 2019

Today, AWS Secrets Manager announced two changes that make it easier to rotate secrets automatically. First, customers can set up automatic rotation for Redshift clusters and DocumentDB instances through AWS CloudFormation, using the SecretTargetAttachment resource to associate a Redshift cluster or DocumentDB instance with the corresponding secret created in Secrets Manager. Second, customers can set up rotation by specifying a serverless application. AWS will automatically create the Lambda function, IAM role, and IAM permissions needed to execute the rotation. To get started, view the CloudFormation examples to schedule secrets for rotation.
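A template combining both changes for a Redshift cluster might look like the following. This is an added example, not one of the AWS-published examples: the resource names, `dbadmin`, `appdb`, the node settings and the 30-day interval are constructed, the two `REPLACE_WITH_...` values are placeholders, and the application parameters `endpoint` and `functionName` and the output `RotationLambdaARN` are assumptions about the rotation application you deploy. It also assumes the rotation function can reach the cluster endpoint; VPC settings are omitted.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31   # needed for AWS::Serverless::Application
Resources:
  # Secrets Manager generates the password, so it never appears in the template.
  ClusterSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      GenerateSecretString:
        SecretStringTemplate: '{"username": "dbadmin"}'   # constructed value
        GenerateStringKey: password
        PasswordLength: 32
        ExcludeCharacters: '"@/\'''   # characters Redshift rejects in passwords
  # The cluster reads its master credentials from the secret by dynamic reference.
  Cluster:
    Type: AWS::Redshift::Cluster
    Properties:
      ClusterType: single-node
      NodeType: dc2.large
      DBName: appdb
      MasterUsername: !Sub '{{resolve:secretsmanager:${ClusterSecret}:SecretString:username}}'
      MasterUserPassword: !Sub '{{resolve:secretsmanager:${ClusterSecret}:SecretString:password}}'
  # Associates the cluster with the secret, as described in the announcement.
  Attachment:
    Type: AWS::SecretsManager::SecretTargetAttachment
    Properties:
      SecretId: !Ref ClusterSecret
      TargetId: !Ref Cluster
      TargetType: AWS::Redshift::Cluster
  # The serverless application that provides the rotation Lambda function,
  # its IAM role and its permissions.
  RotationApp:
    Type: AWS::Serverless::Application
    Properties:
      Location:
        ApplicationId: REPLACE_WITH_ROTATION_APPLICATION_ARN    # placeholder
        SemanticVersion: REPLACE_WITH_APPLICATION_VERSION       # placeholder
      Parameters:   # parameter names are assumptions about the application
        endpoint: !Sub 'https://secretsmanager.${AWS::Region}.${AWS::URLSuffix}'
        functionName: redshift-secret-rotation
  # Schedule rotation only after the attachment exists, so the rotation
  # function finds the cluster connection details in the secret.
  Rotation:
    Type: AWS::SecretsManager::RotationSchedule
    DependsOn: Attachment
    Properties:
      SecretId: !Ref ClusterSecret
      RotationLambdaARN: !GetAtt RotationApp.Outputs.RotationLambdaARN   # assumed output name
      RotationRules:
        AutomaticallyAfterDays: 30
```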

AWS Secrets Manager enables you to retrieve and manage secrets such as database credentials and API keys throughout their life cycle. AWS Secrets Manager also makes it easier to follow the security best practice of using short-term secrets by rotating secrets safely on a schedule that you determine. For example, you can configure Secrets Manager to rotate a database credential daily, turning a typical, long-term secret into a short-term secret that is rotated automatically.

For a list of regions where Secrets Manager is available, see the AWS Region table. To learn more about Secrets Manager, visit the documentation or read the AWS blogs "Store, Distribute, and Rotate Credentials Securely" and "Rotate Amazon RDS database credentials automatically with Secrets Manager".