The association is only based on the form of the secret-string. For the RDS the forms are listed here.
For instance, for mysql the form of the secret-string is as follows:

    {
      "engine": "mysql",
      "host": "<required: instance host name/resolvable DNS name>",
      "username": "<required: username>",
      "password": "<required: password>",
      "dbname": "<optional: database name. If not specified, defaults to None>",
      "port": "<optional: TCP port number. If not specified, defaults to 3306>"
    }

Thus, to create the secret for mysql using the CLI:
- Create a file called mydb.json (example):

      {
        "username": "admin",
        "password": "asdf435325gfdg",
        "engine": "mysql",
        "host": "database-2.cba4sasaubqv.us-east-1.rds.amazonaws.com",
        "port": 3306,
        "dbInstanceIdentifier": "database-2"
      }

- Execute:

      aws secretsmanager create-secret --name mysql-info --secret-string file://mydb.json

The more confusing CLI part begins when you want to enable automatic secret rotation. I will just leave a link for that (it also has CLI info) if you are interested in this as well:
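
Added example, not part of the original answer: a Python check of a secret-string against the mysql form quoted above before the file is passed to `create-secret`. It also writes the file readable by its owner only, since it holds the password in plaintext. The function names, the sample host and the placeholder password are assumptions made for illustration.

```python
import json
import os

# Rules for engine "mysql", taken from the secret-string form quoted above.
REQUIRED = ("engine", "host", "username", "password")
DEFAULT_PORT = 3306  # used when "port" is omitted


def check_mysql_secret(secret):
    """Return a list of problems; an empty list means the form is satisfied."""
    if not isinstance(secret, dict):
        return ["secret-string must be a JSON object"]
    problems = []
    for key in REQUIRED:
        value = secret.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"missing or empty required key: {key}")
    engine = secret.get("engine")
    if isinstance(engine, str) and engine.strip() and engine != "mysql":
        problems.append(f"engine must be 'mysql', got {engine!r}")
    # The form describes port as a TCP port; accept 3306 or "3306".
    port = secret.get("port", DEFAULT_PORT)
    port_ok = (isinstance(port, (int, str)) and not isinstance(port, bool)
               and str(port).isdigit() and 1 <= int(port) <= 65535)
    if not port_ok:
        problems.append(f"port is not a valid TCP port: {port!r}")
    return problems


def write_secret_file(path, secret):
    """Validate, then create the file with mode 0600; refuse to overwrite."""
    problems = check_mysql_secret(secret)
    if problems:
        raise ValueError("; ".join(problems))
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(secret, fh)
    return path


if __name__ == "__main__":
    # Constructed sample input: host and password are placeholders.
    sample = {"engine": "mysql", "host": "db.example.internal",
              "username": "admin", "password": "PLACEHOLDER", "port": 3306}
    print(check_mysql_secret(sample) or "form satisfied")
    print(check_mysql_secret({"engine": "mysql", "username": "admin"}))
```

Delete the file once `create-secret` has succeeded so the plaintext password does not stay on disk.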