Ensure that your Amazon RDS instances are using the AWS Secrets Manager service to manage database access credentials in order to meet security and compliance requirements. Secrets Manager provides built-in integrations for MySQL, PostgreSQL and Aurora on Amazon Relational Database Service (RDS), and can rotate, manage and retrieve credentials for these database types natively.
With AWS Secrets Manager you can secure and manage the database credentials used to access the RDS database instances provisioned in your AWS account. Secrets Manager stores the RDS database credentials as part of the encrypted secret value (within the "SecretString" field).
Audit
To determine if Secrets Manager service is used to manage RDS database credentials within your AWS account, perform the following actions:
Remediation / Resolution
To use Amazon Secrets Manager service to store and manage AWS RDS database access credentials, perform the following actions:
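The audit and remediation steps above both rely on the same three pieces of data: the RDS instances in the account (`aws rds describe-db-instances`), the secrets that exist (`aws secretsmanager list-secrets`) and each secret's decrypted body (`aws secretsmanager get-secret-value`). The following script is an added example, not Cloud Conformity's or AWS's own code: it runs the audit logic over constructed samples of those command outputs and builds the `SecretString` payload that `aws secretsmanager create-secret` expects for an RDS database. It assumes that an RDS credential secret can be recognised by the `host` / `dbInstanceIdentifier` keys of the JSON structure Secrets Manager uses for its native RDS rotation; secrets written by hand in another layout would not be matched and would show up as findings to review manually.

```python
import json

# Constructed sample of `aws rds describe-db-instances` output (not real account data).
SAMPLE_DB_INSTANCES = json.dumps({
    "DBInstances": [
        {"DBInstanceIdentifier": "orders-db", "Engine": "mysql",
         "Endpoint": {"Address": "orders-db.abc123.us-east-1.rds.amazonaws.com", "Port": 3306}},
        {"DBInstanceIdentifier": "reports-db", "Engine": "postgres",
         "Endpoint": {"Address": "reports-db.abc123.us-east-1.rds.amazonaws.com", "Port": 5432}},
        {"DBInstanceIdentifier": "legacy-db", "Engine": "mysql",
         "Endpoint": {"Address": "legacy-db.abc123.us-east-1.rds.amazonaws.com", "Port": 3306}},
    ]
})

# Constructed sample: metadata from `aws secretsmanager list-secrets` (SecretList entries)
# joined with the SecretString returned by `aws secretsmanager get-secret-value --secret-id NAME`.
# Passwords are placeholders; an audit script must never log the real SecretString.
SAMPLE_SECRETS = [
    {"Name": "prod/orders-db", "RotationEnabled": True,
     "SecretString": json.dumps({"engine": "mysql",
                                 "host": "orders-db.abc123.us-east-1.rds.amazonaws.com",
                                 "username": "app", "password": "<placeholder>", "port": 3306,
                                 "dbInstanceIdentifier": "orders-db"})},
    {"Name": "prod/reports-db", "RotationEnabled": False,
     "SecretString": json.dumps({"engine": "postgres",
                                 "host": "reports-db.abc123.us-east-1.rds.amazonaws.com",
                                 "username": "reporter", "password": "<placeholder>", "port": 5432,
                                 "dbInstanceIdentifier": "reports-db"})},
    {"Name": "prod/third-party-api-key", "RotationEnabled": False,
     "SecretString": "not-a-database-secret"},
]


def parse_db_secret(secret):
    """Return the parsed RDS-style SecretString, or None if the secret is not an RDS credential.

    Secrets Manager's native RDS rotation uses a JSON body with engine/host/username/password/
    port/dbInstanceIdentifier keys; anything without a host or identifier is ignored here.
    """
    try:
        body = json.loads(secret.get("SecretString", ""))
    except (TypeError, ValueError):
        return None
    if not isinstance(body, dict):
        return None
    if "host" not in body and "dbInstanceIdentifier" not in body:
        return None
    return body


def audit_rds_secrets(describe_db_instances_json, secrets):
    """Report RDS instances with no Secrets Manager credential, and those whose secret never rotates."""
    instances = json.loads(describe_db_instances_json)["DBInstances"]
    by_host, by_identifier = {}, {}
    for secret in secrets:
        body = parse_db_secret(secret)
        if body is None:
            continue
        if "host" in body:
            by_host[body["host"]] = secret
        if "dbInstanceIdentifier" in body:
            by_identifier[body["dbInstanceIdentifier"]] = secret

    findings = {"unmanaged": [], "rotation_disabled": []}
    for inst in instances:
        ident = inst["DBInstanceIdentifier"]
        host = inst.get("Endpoint", {}).get("Address")
        # Match on the endpoint hostname first, then fall back to the instance identifier.
        secret = by_host.get(host) or by_identifier.get(ident)
        if secret is None:
            findings["unmanaged"].append(ident)
        elif not secret.get("RotationEnabled", False):
            findings["rotation_disabled"].append(ident)
    return findings


def build_rds_secret_string(engine, host, port, username, password,
                            db_instance_identifier, dbname=None):
    """Build the SecretString JSON for `aws secretsmanager create-secret --secret-string`.

    This is the layout the built-in RDS rotation functions read, so a secret created with it
    can have rotation enabled afterwards without restructuring the value.
    """
    body = {"engine": engine, "host": host, "port": port, "username": username,
            "password": password, "dbInstanceIdentifier": db_instance_identifier}
    if dbname:
        body["dbname"] = dbname
    return json.dumps(body)


if __name__ == "__main__":
    findings = audit_rds_secrets(SAMPLE_DB_INSTANCES, SAMPLE_SECRETS)
    print("RDS instances without a Secrets Manager credential:", findings["unmanaged"])
    print("RDS instances whose secret has rotation disabled:", findings["rotation_disabled"])
    # Payload for the remediation step; write it to a file and pass it as
    # `--secret-string file://payload.json` so the password never lands in shell history.
    print(build_rds_secret_string("mysql", "legacy-db.abc123.us-east-1.rds.amazonaws.com",
                                  3306, "app", "<placeholder>", "legacy-db"))
```

In a real run, replace the two constructed samples with the output of the CLI commands named above; the `list-secrets` call returns only metadata, so `get-secret-value` has to be issued per secret, which needs `secretsmanager:GetSecretValue` permission on each one and should be done from an audited role rather than a personal account.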
References
- AWS Documentation
- AWS Secrets Manager FAQs
- What is AWS Key Management Service?
- AWS Secrets Manager Best Practices
- Tutorial: Rotating a Secret for an AWS Database
- AWS Command Line Interface (CLI) Documentation
  - secretsmanager
  - list-secrets
  - get-secret-value
  - create-secret
AWS Secrets Manager in Use for RDS Instances
Risk level: Medium