AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. In this lab, we connect to a MySQL RDS database from an AWS Lambda function using a username and password, and then we hand over credential management to the AWS Secrets Manager service. We then use the Secrets Manager API to connect to the database instead of hard-coding credentials in our Lambda function. By the end of this lab, you will understand how to store a secret in AWS Secrets Manager and access it from a Lambda function.
Successfully complete this lab by achieving the following learning objectives:
- Create Lambda Function
Create a Lambda function and join it to the provided VPC.
- Create the MySQL layer and copy your code to the Lambda function
mysqllayer, and attach that layer to the function. Copy your code into the function
- Create a Secret in Secrets Manager
Use the Secrets Manager console to create a secret and enable automatic credential rotation.
- Modify Permissions
Enable the Secrets Manager VPC endpoint, modify the security group, and add a policy to the IAM role to allow it to connect to Secrets Manager.
- Test New Code
Using the code provided, test the connection to the RDS database from Lambda using the Secrets Manager API to obtain the authentication credentials.
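The final objective, as an added example (not the lab's provided code): a Lambda handler that reads the database credentials from Secrets Manager at run time instead of hard-coding them, and refetches once if a rotation has invalidated the cached password. Assumptions: the Python runtime, a layer that supplies pymysql, and the hypothetical secret name lab/mysql-credentials; the JSON keys are the ones Secrets Manager stores for RDS database secrets.

```python
import json
import time

SECRET_ID = "lab/mysql-credentials"  # hypothetical secret name
CACHE_TTL = 300  # seconds; short, so rotated credentials are picked up
CACHE = {"params": None, "fetched": 0.0}


def parse_rds_secret(secret_string):
    """Map the JSON that Secrets Manager stores for an RDS secret to connect() args."""
    s = json.loads(secret_string)
    missing = [k for k in ("username", "password", "host") if k not in s]
    if missing:
        # Name the missing keys only; never echo secret values into logs.
        raise ValueError("secret is missing keys: " + ", ".join(missing))
    return {"host": s["host"], "user": s["username"], "password": s["password"],
            "port": int(s.get("port", 3306)), "database": s.get("dbname")}


def get_db_params(client, force=False, now=time.time):
    """Return cached parameters, calling GetSecretValue when stale or forced."""
    stale = now() - CACHE["fetched"] > CACHE_TTL
    if force or stale or CACHE["params"] is None:
        resp = client.get_secret_value(SecretId=SECRET_ID)
        CACHE["params"] = parse_rds_secret(resp["SecretString"])
        CACHE["fetched"] = now()
    return CACHE["params"]


def lambda_handler(event, context):
    import boto3    # present in the Lambda Python runtime
    import pymysql  # assumed to be supplied by the attached layer
    client = boto3.client("secretsmanager")
    for attempt in (1, 2):
        try:
            # Second attempt bypasses the cache in case the password was rotated.
            params = get_db_params(client, force=(attempt == 2))
            conn = pymysql.connect(connect_timeout=5, **params)
            break
        except pymysql.err.OperationalError:
            if attempt == 2:
                raise
    with conn:
        with conn.cursor() as cur:
            cur.execute("SELECT CURRENT_USER()")
            return {"connected_as": cur.fetchone()[0]}
```

The function's IAM role needs secretsmanager:GetSecretValue on this secret only, and the call reaches Secrets Manager through the VPC endpoint enabled in the Modify Permissions step.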