Posted On: Oct 18, 2023

Amazon Redshift now supports integration with AWS Secrets Manager to simplify the management of Redshift administration (admin) credentials for your data warehouse. With this feature, Amazon Redshift works with AWS Secrets Manager to generate and manage your admin credentials when a database instance is created, modified, or restored. AWS Secrets Manager supports the entire lifecycle maintenance for your Amazon Redshift admin credentials which can help relieve you from complex credential management activities such as setting up custom AWS Lambda functions to manage password rotations.

The Redshift admin credentials are a mandatory set of credentials with special administrative privileges that are created when a database is spun up, and can be used to access data inside the database. The integration with AWS Secrets Manager enables the separation of duties as customers could provide secret creation and Redshift instance creation permissions to required users, while restricting permissions to retrieve the secrets value only to those individuals who need access. Furthermore, you have flexibility in encrypting the secrets using your own managed key or by using a KMS key AWS owns and manages for you. 

AWS Secrets Manager integration is now available for both provisioned clusters and Serverless in all AWS Regions where Amazon Redshift is available. For more information, visit Amazon Redshift database developer guide and blog.