Comments (12)

jbct commented on August 19, 2024 1

Hi ahammond. These samples are provided to customers to freely modify to fit their particular use case. This change is not something that we believe should be part of the generic template. I will note that Secrets Manager maintains the history and the previous versions can be retrieved by using the AWSPREVIOUS staging label.

from aws-secrets-manager-rotation-lambdas.

instantdelay commented on August 19, 2024 1

> The current recommendation from RDS Proxy is to investigate using IAM-based authentication (which wouldn't involve Secrets Manager)

Who is this recommendation directed at? I'm a little confused because I don't think RDS Proxy supports IAM between the proxy and the database. The only option when setting up the proxy is to pick a Secrets Manager secret and an IAM role which has permission to read the secret.

ahammond commented on August 19, 2024

By adding

formerUser: string;
formerPassword: string;

to the secret, it exposes the information necessary for people to build workarounds, including the AWS RDS team, should they decide to have RDS Proxies support multi-user rotations.

from aws-secrets-manager-rotation-lambdas.
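An added example, not code from the rotation lambda templates or from any commenter: it derives the `formerUser` / `formerPassword` pair discussed above by reading the `AWSPREVIOUS` staging label instead of storing those fields in the secret. It assumes the secret JSON uses `username` and `password` keys; `StubSecretsManager` and the sample values are constructed so the block runs without AWS, and a real `boto3.client("secretsmanager")` can be passed in its place.

```python
import json

def load_stage(client, secret_id, stage):
    """Return the parsed secret JSON for one staging label, or None if absent."""
    try:
        resp = client.get_secret_value(SecretId=secret_id, VersionStage=stage)
    except client.exceptions.ResourceNotFoundException:
        return None  # e.g. never rotated, so no AWSPREVIOUS version exists
    return json.loads(resp["SecretString"])

def with_former_credentials(client, secret_id):
    """Current credentials plus formerUser/formerPassword from AWSPREVIOUS."""
    current = load_stage(client, secret_id, "AWSCURRENT")
    if current is None:
        raise LookupError(f"{secret_id} has no AWSCURRENT version")
    previous = load_stage(client, secret_id, "AWSPREVIOUS") or {}
    return {
        "username": current["username"],        # assumed key names
        "password": current["password"],
        "formerUser": previous.get("username"),
        "formerPassword": previous.get("password"),
    }

def looks_like_multiuser_rotation(creds):
    """True when the username changed between versions (foo <-> foo_clone)."""
    former = creds["formerUser"]
    return former is not None and former != creds["username"]

class StubSecretsManager:
    """Constructed stand-in for the Secrets Manager client; makes no AWS calls."""
    class exceptions:
        class ResourceNotFoundException(Exception):
            pass
    def __init__(self, stages):
        self.stages = stages
    def get_secret_value(self, SecretId, VersionStage):
        if VersionStage not in self.stages:
            raise self.exceptions.ResourceNotFoundException(VersionStage)
        return {"SecretString": json.dumps(self.stages[VersionStage])}

if __name__ == "__main__":
    stub = StubSecretsManager({  # constructed sample versions
        "AWSCURRENT": {"username": "foo_clone", "password": "constructed-new"},
        "AWSPREVIOUS": {"username": "foo", "password": "constructed-old"},
    })
    creds = with_former_credentials(stub, "constructed/db-secret")
    print(creds["formerUser"], looks_like_multiuser_rotation(creds))
```

Against a real account the caller needs `secretsmanager:GetSecretValue` on the secret, and the previous password stays inside Secrets Manager's own version history rather than being copied into the current secret value.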

adithyasolai commented on August 19, 2024

@ahammond

Thank you for bringing this to our attention.

We are working on appropriately prioritizing development on this issue.

ahammond commented on August 19, 2024

@adithyasolai already wrote the PR...

adithyasolai commented on August 19, 2024

@ahammond Yes, we will certainly take your implementation into consideration.

However, there is extra lift in ensuring that every newly-generated Rotation Lambda is updated with this change for all customers.

ahammond commented on August 19, 2024

ahammond commented on August 19, 2024

jbct commented on August 19, 2024

@mrgrain reached out internally about this, and I apologize for misunderstanding the problem and overlooking the CDK related link. Let me follow up with the team on Monday for this and see what we can do to help.

jbct commented on August 19, 2024

Hi ahammond. I was able to catch up with the RDS Proxy team and unfortunately multiuser rotations are unsupported with RDS Proxy at this time. They will be working on updating public documentation to make the details around this more clear.

The current recommendation from RDS Proxy is to investigate using IAM-based authentication (which wouldn't involve Secrets Manager), or switch to single user rotation.

ahammond commented on August 19, 2024

Sooo... RDS Proxy could detect when the username is toggling back between foo and foo_clone and auto-detect multiuser rotations. It could literally be that easy.

shahrozhaidernbs commented on August 19, 2024

> > The current recommendation from RDS Proxy is to investigate using IAM-based authentication (which wouldn't involve Secrets Manager)
>
> Who is this recommendation directed at? I'm a little confused because I don't think RDS Proxy supports IAM between the proxy and the database. The only option when setting up the proxy is to pick a Secrets Manager secret and an IAM role which has permission to read the secret.

@instantdelay were you able to get any update on this? Looks like we can not just skip Secrets Manager with Proxy
