Consider a blue-green AWS deployment (for a webapp + postgres RDS). Each environment has its own database instance and we will assume for now that db sync is achieved by manually creating a snapshot of the blue database and restoring it in the green environment.
If the blue environment has a rotating db secret for db credentials, is it good practice for the green environment to also use the same rotating secret instance for its db credentials? In CloudFormation stack templates, this would require both blue's AWS::SecretsManager::SecretTargetAttachment and green's AWS::SecretsManager::SecretTargetAttachment to reference the same rotating secret. Is this possible and good practice?
It would be great to understand any blue-green RDS strategies that may work better - perhaps using a different syncing strategy. My RDS instances are not huge, around ~50 GB. I am aware that AWS have rolled out managed blue-green deployments for RDS, but this does not yet include Postgres RDS. My major requirement is to retain rotating secrets.
N.B. I understand that this strategy will also have to share the KMS DB encryption key between environments.
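For reference, here is what the layout described in the question looks like as a CloudFormation template: one rotating Secrets Manager secret, a blue Postgres instance created from it, a green instance restored from a manually taken blue snapshot, and two SecretTargetAttachment resources pointing at the same secret. This is an added example, not code from the original post. The stack names, the parameter names, the `webapp/postgres/master` secret name, the `app_master` username and the instance sizes are assumptions; the resource types, property names and the `{{resolve:secretsmanager:...}}` dynamic-reference syntax are the real CloudFormation ones.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
# Required for HostedRotationLambda (AWS-managed rotation function).
Transform: AWS::SecretsManager-2020-07-23
Description: >
  Added example (not from the original post): one rotating secret referenced by
  both a blue and a green Postgres RDS instance. Names and sizes are assumptions.

Parameters:
  BlueSnapshotId:
    Type: String
    Description: Manually created snapshot of the blue instance to restore as green (assumed)
  DbSubnetGroupName:
    Type: String
  DbSubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
  DbSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id

Resources:
  # One storage-encryption key. A restored instance inherits the key of the
  # snapshot it came from, which is why the key must be shared by both sides.
  DbKmsKey:
    Type: AWS::KMS::Key
    Properties:
      Description: Postgres storage key shared by the blue and green instances
      EnableKeyRotation: true

  # The single master credential. The password is generated once here and
  # replaced by the rotation schedule below.
  DbMasterSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: webapp/postgres/master        # assumed name
      GenerateSecretString:
        SecretStringTemplate: '{"username": "app_master"}'   # assumed username
        GenerateStringKey: password
        PasswordLength: 32
        ExcludeCharacters: '"@/\'

  # Blue: created fresh, credentials taken from the secret via dynamic references.
  BlueDb:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Snapshot
    Properties:
      DBInstanceIdentifier: webapp-blue
      Engine: postgres
      DBInstanceClass: db.t3.medium
      AllocatedStorage: 50
      StorageEncrypted: true
      KmsKeyId: !Ref DbKmsKey
      MasterUsername: !Sub '{{resolve:secretsmanager:${DbMasterSecret}:SecretString:username}}'
      MasterUserPassword: !Sub '{{resolve:secretsmanager:${DbMasterSecret}:SecretString:password}}'
      DBSubnetGroupName: !Ref DbSubnetGroupName
      VPCSecurityGroups: [!Ref DbSecurityGroupId]

  # Green: restored from the blue snapshot. StorageEncrypted, KmsKeyId,
  # MasterUsername and MasterUserPassword must NOT be set on a snapshot
  # restore; all four are inherited from the snapshot, so green starts with
  # whatever password blue had when the snapshot was taken.
  GreenDb:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Snapshot
    Properties:
      DBInstanceIdentifier: webapp-green
      Engine: postgres
      DBInstanceClass: db.t3.medium
      DBSnapshotIdentifier: !Ref BlueSnapshotId
      DBSubnetGroupName: !Ref DbSubnetGroupName
      VPCSecurityGroups: [!Ref DbSecurityGroupId]

  # Two attachments on the same secret: the configuration the question asks
  # about. Each attachment writes its target's host, port, dbname, engine and
  # dbInstanceIdentifier into the secret, so the one applied last wins.
  BlueSecretAttachment:
    Type: AWS::SecretsManager::SecretTargetAttachment
    Properties:
      SecretId: !Ref DbMasterSecret
      TargetId: !Ref BlueDb
      TargetType: AWS::RDS::DBInstance

  GreenSecretAttachment:
    Type: AWS::SecretsManager::SecretTargetAttachment
    Properties:
      SecretId: !Ref DbMasterSecret
      TargetId: !Ref GreenDb
      TargetType: AWS::RDS::DBInstance

  # Hosted single-user rotation. The rotation function connects to the host
  # stored in the secret and changes the password on that instance only.
  DbSecretRotation:
    Type: AWS::SecretsManager::RotationSchedule
    DependsOn: [BlueSecretAttachment, GreenSecretAttachment]
    Properties:
      SecretId: !Ref DbMasterSecret
      HostedRotationLambda:
        RotationType: PostgreSQLSingleUser
        VpcSubnetIds: !Join [",", !Ref DbSubnetIds]
        VpcSecurityGroupIds: !Ref DbSecurityGroupId
      RotationRules:
        AutomaticallyAfterDays: 30
```

The template deploys, but it makes the two problems with sharing one secret visible. First, the secret holds a single `host`; with two attachments the value is whichever attachment CloudFormation applied last, so anything that reads the connection details from the secret (including the hosted rotation function) talks to only one of the instances. Second, rotation changes the master password on the instance named by that `host` and then updates the secret; the other instance keeps its old password, so after the first rotation the secret no longer authenticates to it. The snapshot restore has the same shape of problem in the other direction: green inherits the password blue had at snapshot time, which is stale if a rotation ran in between. A practical check after deploying is `aws secretsmanager get-secret-value --secret-id webapp/postgres/master` and confirming which instance's endpoint appears in `host`.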