AWS Database Blog

Category: AWS Secrets Manager

Securely assess database schema migrations using AWS SCT, Amazon RDS for Oracle, and AWS Secrets Manager

Database migration is a multi-step process comprised of assess, mobilize, and modernize phases with different tools and technologies involved. You can use tools such as AWS Schema Conversion Tool (AWS SCT) and AWS Database Migration Service (AWS DMS) to accelerate each of these phases. An important part of AWS SCT is the report that it […]

Multi-user secrets rotation for Amazon RDS

Most database deployments have multiple database users who have varying degree of privileges on the data stored in the database, database structure, and administrative operations. In multi-user database environments, it’s important to grant and limit the privileges of different users based on their roles and needs. It’s also a best practice to limit the lifespan […]

Manage your AWS DMS endpoint credentials with AWS Secrets Manager

When configuring AWS Database Migration Service (AWS DMS) endpoints, you previously had to maintain the source and target credentials in plain text. In December 2020, we announced the integration of AWS DMS and AWS Secrets Manager, which allows you to take advantage of the built-in credential management capability in Secrets Manager to manage, retrieve, and […]

Create an AWS DMS endpoint to a third-party account via AWS Secrets Manager integration

When configuring AWS Database Migration Service (AWS DMS) endpoints, you previously had to maintain the source and target credentials, including auditing, updating, and rotating the database credentials themselves. On December 22, 2020, we announced the integration of AWS DMS and AWS Secrets Manager, which now allows you to manage and automatically rotate the source and […]

Use Python SQLAlchemy ORM to interact with an Amazon Aurora database from a serverless application

As organizations work to modernize their traditional applications to an event-driven, serverless model, a question that comes up frequently is how the object-relational mapping (ORM) layer should be managed. Packaging it with AWS Lambda functions increases its size and adds a cognitive burden on the development team to track. In addition, many organizations have requirements […]

Integrate Amazon Managed Blockchain identities with Amazon Cognito

When you authenticate with a web or mobile application, you typically do so with a username and password where you’re authenticated against a user database such as Amazon Cognito. You’re expected to secure your password and rotate it periodically or when it has been compromised. When you’re building a user-facing application that is running on […]

Manage AWS ElastiCache for Redis access with Role-Based Access Control, AWS Secrets Manager, and IAM

October 2022: This post was reviewed and updated with a new architecture diagram and code updates to factor the change from CDK 1.x to CDK 2.x. Amazon ElastiCache for Redis is an AWS managed, Redis-compliant service that provides a high-performance, scalable, and distributed key-value data store that you can use as a database, cache, message […]

Design patterns to access cross-account secrets stored in AWS Secrets Manager

This post discusses cross-account design options and considerations for managing Amazon Relational Database Service (Amazon RDS) secrets that are stored in AWS Secrets Manager. Amazon RDS is a managed service that makes it easy to set up, operate, and scale a relational database on AWS. Secrets Manager helps you securely store, encrypt, manage, rotate, and […]