Using AWS Secrets Manager for Storing and Rotating Database Credentials

45 minutes
  • 3 Learning Objectives

About this Hands-on Lab

This hands-on lab walks you through how to create a secret in Secrets Manager and how to reference that secret in a CloudFormation template. Additionally, you will configure a 30-day rotation of that secret.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create a New Secret in Secrets Manager (with Secret Rotation)
  • Create a secret for an RDS DB.
  • Store the secrets (i.e., username/password).
  • Set up secret rotation.
Create a Reference to the Secret in the CloudFormation Template
  • Select the lab-provided stack.
  • Modify the template to reference the secret in Secrets Manager.
Update CloudFormation Stack
  • Update the CloudFormation stack and verify the successful completion of the stack update.

Additional Resources


You have been tasked with removing secrets in code and storing them in Secrets Manager. You will also need to set up secret rotation in Secrets Manager.

Lab Setup

Please log in to the lab environment with the cloud_user credentials provided. Ensure you are using the us-east-1 Region throughout the lab.

The dynamic references to the secret used in the CloudFormation template:

   MasterUsername: '{{resolve:secretsmanager:NewDbSecrets:SecretString:username}}'
   MasterUserPassword: '{{resolve:secretsmanager:NewDbSecrets:SecretString:password}}'
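A check for the change this lab makes, as an added example that is not part of the lab's own material: it parses the `{{resolve:secretsmanager:...}}` dynamic-reference syntax shown above and flags any `MasterUsername` or `MasterUserPassword` still written as a literal in a YAML template. The sample templates, the `audit_template` and `parse_reference` helpers, and the verdict labels are assumptions made for illustration; it also accepts a secret ARN and an optional version stage, which goes beyond the two lines shown.

```python
import re

# RDS properties the lab moves out of the template and into Secrets Manager.
CREDENTIAL_KEYS = ("MasterUsername", "MasterUserPassword")
# {{resolve:secretsmanager:<secret-id>:SecretString:<json-key>[:<stage>[:<version-id>]]}}
# <secret-id> is a secret name or a full ARN (an ARN contains colons itself).
DYNAMIC_REF = re.compile(
    r"^\{\{resolve:secretsmanager:"
    r"(?P<secret_id>arn:[^:]+:secretsmanager:[^:]*:[^:]*:secret:[^:}]+|[^:}]+)"
    r":SecretString:(?P<json_key>[^:}]+)"
    r"(?::(?P<stage>[^:}]*))?(?::(?P<version_id>[^:}]*))?\}\}$"
)
PROPERTY_LINE = re.compile(r"^\s*(?P<key>\w+)\s*:\s*(?P<value>.*?)\s*$")


def parse_reference(value):
    """Return the parts of a Secrets Manager dynamic reference, or None."""
    match = DYNAMIC_REF.match(value.strip().strip("'\""))
    return match.groupdict() if match else None


def audit_template(text):
    """Return (line_no, key, verdict) for every credential property found."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        prop = PROPERTY_LINE.match(line)
        if not prop or prop["key"] not in CREDENTIAL_KEYS:
            continue
        value = prop["value"].strip("'\"")
        if parse_reference(value):
            verdict = "dynamic-reference"
        elif value.startswith("!") or value.startswith("{{resolve:"):
            verdict = "review"      # intrinsic function or malformed/other resolver
        else:
            verdict = "plaintext"   # literal credential committed in the template
        findings.append((line_no, prop["key"], verdict))
    return findings


# Constructed sample templates (not the lab's stack): before and after the change.
BEFORE = """Resources:
  Database:
    Type: AWS::RDS::DBInstance
    Properties:
      MasterUsername: admin
      MasterUserPassword: ExamplePassw0rd
"""
AFTER = BEFORE.replace("admin", "'{{resolve:secretsmanager:NewDbSecrets:SecretString:username}}'") \
              .replace("ExamplePassw0rd", "'{{resolve:secretsmanager:NewDbSecrets:SecretString:password}}'")
```

Running `audit_template` over a template before the stack update gives a quick way to confirm that no literal credential remains.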

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
