A package to create a SecretsManager secret with automatic rotation.

Project description

AWS Secret Cdk

An AWS CDK library to manage SecretsManager secrets easily.

Description

SecretsManager is a great AWS service for managing your secrets, e.g. database passwords. It is really easy to create and configure a secret through the AWS console (UI). However, it is NOTORIOUSLY difficult to create and manage secrets through CloudFormation: you need to create a Lambda function that executes the secret rotation, give that function the correct permissions and security groups, configure the secrets themselves with the correct templates, and so on. All in all, it is really painful. This library tackles that problem. In a nutshell, you just provide the database for which the secret should be created, plus a few other parameters. And that's it! You're good to go.

Assumptions

This CDK library assumes the following:

  • You are familiar with AWS.
  • You are familiar with AWS CloudFormation and AWS CDK for creating infrastructure as code.

How to use

# Suppose you have a stack (core.Stack) or an app (core.App); both are constructs.
from aws_cdk.core import Stack
from aws_cdk.aws_ec2 import Vpc
from aws_cdk import aws_rds
from aws_secret_cdk.rds_secret import RdsSecret
from aws_secret_cdk.vpc_parameters import VPCParameters


class MyStack(Stack):
    def __init__(self, scope, id, **kwargs):
        super().__init__(scope, id, **kwargs)

        # Suppose you have defined a VPC (constructor arguments omitted here):
        self.vpc = Vpc(...)

        # Suppose you have a database (or a cluster), again with arguments omitted:
        self.database = aws_rds.CfnDBCluster(...)

        # Now simply create a secret with a 30-day rotation. The rotation Lambda
        # runs inside your VPC, so give it subnets that can reach the database and
        # security groups that the database's security group allows.
        self.rds_secret = RdsSecret(
            stack=self,
            prefix='MyResourcesPrefix',
            vpc_parameters=VPCParameters(
                rotation_lambda_vpc=self.vpc,
                rotation_lambda_security_groups=[
                    # Your security groups.
                ],
                rotation_lambda_subnets=self.vpc.private_subnets
            ),
            database=self.database
        )
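The "correct template" the description mentions, as an added example that is not the library's own code: the GenerateSecretString block a SecretsManager secret for an RDS cluster needs, a local stand-in for SecretsManager's password merge, and a check of the resulting value against the keys the AWS-provided RDS single-user rotation Lambdas require. It uses only the Python standard library; the host, cluster name, username and password are constructed values.

```python
import json

REQUIRED_KEYS = ('engine', 'host', 'username', 'password')  # read by AWS RDS rotation Lambdas
SUPPORTED_ENGINES = ('mysql', 'postgres')  # Aurora clusters use the same two values


def generate_secret_string(engine, host, port, username, cluster_identifier):
    """GenerateSecretString block of an AWS::SecretsManager::Secret for an RDS
    cluster; SecretsManager fills GenerateStringKey into SecretStringTemplate.
    ExcludeCharacters keeps the password out of SQL/JSON quoting trouble."""
    template = {
        'engine': engine,
        'host': host,
        'port': port,
        'username': username,
        'dbClusterIdentifier': cluster_identifier,
    }
    return {
        'SecretStringTemplate': json.dumps(template),
        'GenerateStringKey': 'password',
        'PasswordLength': 32,
        'ExcludeCharacters': '"@/\\\'',
    }


def render_secret_value(generate_block, password):
    """Local simulation (illustration only) of what SecretsManager does at
    creation time: insert the generated password under GenerateStringKey."""
    if any(c in generate_block['ExcludeCharacters'] for c in password):
        raise ValueError('password contains an excluded character')
    value = json.loads(generate_block['SecretStringTemplate'])
    value[generate_block['GenerateStringKey']] = password
    return json.dumps(value)


def validate_rotated_secret(secret_string):
    """Check a secret value the way the rotation Lambda does before it touches
    the database: valid JSON object, required keys non-empty, known engine."""
    try:
        secret = json.loads(secret_string)
    except ValueError:
        return False, 'secret value is not valid JSON'
    if not isinstance(secret, dict):
        return False, 'secret value is not a JSON object'
    missing = [key for key in REQUIRED_KEYS if not secret.get(key)]
    if missing:
        return False, 'missing keys: ' + ', '.join(missing)
    if secret['engine'] not in SUPPORTED_ENGINES:
        return False, 'unsupported engine: ' + str(secret['engine'])
    return True, 'ok'
```

A secret that fails validate_rotated_secret would make the rotation Lambda error out at the createSecret step, leaving the secret stuck with a pending version; checking the template before deployment avoids that.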

Release history

2.0.3

Consistent naming.

2.0.2

Add docstrings.

2.0.1

Fix target types and target ARNs.

2.0.0

General bug fixes. Add permission for KMS key resource. Add secret template.

1.0.9

Add Secrets Manager as a valid principal to invoke the rotation Lambda.

1.0.8

Add S3 removal policy.

1.0.7

Don't use managed policies.

1.0.6

AWS Lambda dependency update.

1.0.5

AWS Lambda dependency update.

1.0.4

Don't create a Code class instance.

1.0.3

Move packages into main package.

1.0.2

Fix manifest file.

1.0.1

Ensure the bucket and the bucket deployment have different names.

1.0.0

Initial commit. Add ability to create RDS secret and rotate it every 30 days.

Download files

Source Distribution: aws_secret_cdk-2.0.3.tar.gz (68.0 kB)

Built Distribution: aws_secret_cdk-2.0.3-py3-none-any.whl (66.0 kB)
