I have an RDS DB instance created by Cloudformation. Now I need to store its master user credentials as a secret in AWS secrets manager service with automatic rotation schedule enabled. Since, RDS instances created via AWS Cloudformation expect master username and password as one of their mandatory parameters. And after automatic rotation, it will make my CFN template out of sync for parameters username and password in the future.
How can I achieve automatic rotation of this secret in this case ? And more broadly this question applies to other aws services which are created by CFN and expect some sort of secret at the time of creation e.g Amazon MQ service.
