Ensure that your Amazon RDS instances use the AWS Secrets Manager service to manage database access credentials, in order to meet security and compliance requirements. Secrets Manager provides built-in integrations for MySQL, PostgreSQL and Aurora on Amazon Relational Database Service (RDS), and can natively rotate, manage and retrieve credentials for these database types.
With AWS Secrets Manager you can secure and manage the database credentials used to access the RDS database instances provisioned in your AWS account. Secrets Manager stores the RDS database credentials as part of the encrypted secret value (within the "SecretString" field).
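The audit this rule describes, as an added example (not Conformity's or AWS's own code): it parses each secret's "SecretString", collects the RDS hosts and identifiers it refers to, and reports instances no secret points at. It assumes the JSON layout Secrets Manager uses for RDS credentials (keys such as "host", "username", "dbInstanceIdentifier"); the instance and secret data below are constructed samples standing in for the describe-db-instances and get-secret-value output.

```python
import json

# Constructed sample standing in for `aws rds describe-db-instances` output
SAMPLE_INSTANCES = [
    {"DBInstanceIdentifier": "prod-mysql",
     "Endpoint": {"Address": "prod-mysql.abc123.us-east-1.rds.amazonaws.com"}},
    {"DBInstanceIdentifier": "legacy-pg",
     "Endpoint": {"Address": "legacy-pg.abc123.us-east-1.rds.amazonaws.com"}},
]

# Constructed sample standing in for `get-secret-value` SecretString fields
# (placeholder password; the second secret is unrelated to RDS)
SAMPLE_SECRET_STRINGS = [
    json.dumps({"engine": "mysql",
                "host": "prod-mysql.abc123.us-east-1.rds.amazonaws.com",
                "username": "admin", "password": "<placeholder>",
                "dbInstanceIdentifier": "prod-mysql", "port": 3306}),
    json.dumps({"api_key": "<placeholder>"}),
]


def rds_targets_from_secret(secret_string):
    """Return the RDS hosts/identifiers a SecretString refers to (assumed layout)."""
    try:
        body = json.loads(secret_string)
    except ValueError:
        return set()          # plain-text secret, not an RDS credential
    if not isinstance(body, dict):
        return set()
    keys = ("host", "dbInstanceIdentifier", "dbClusterIdentifier")
    return {str(body[k]) for k in keys if body.get(k)}


def unmanaged_instances(instances, secret_strings):
    """Identifiers of RDS instances that no secret points at (the audit finding)."""
    covered = set()
    for secret_string in secret_strings:
        covered |= rds_targets_from_secret(secret_string)
    return sorted(
        inst["DBInstanceIdentifier"] for inst in instances
        if inst["DBInstanceIdentifier"] not in covered
        and inst["Endpoint"]["Address"] not in covered
    )


if __name__ == "__main__":
    # Against a real account, replace the samples with boto3 calls:
    # rds.describe_db_instances(), secretsmanager.list_secrets() + get_secret_value()
    print(unmanaged_instances(SAMPLE_INSTANCES, SAMPLE_SECRET_STRINGS))
```

A secret that references an instance shows the credentials are stored in Secrets Manager, not that every application retrieves them from there; confirm the consumers as well.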
Audit
To determine whether the Secrets Manager service is used to manage RDS database credentials within your AWS account, perform the following actions:
Remediation / Resolution
To use the AWS Secrets Manager service to store and manage RDS database access credentials, perform the following actions:
AWS Secrets Manager in Use for RDS Instances
Risk Level: Medium