My new RDS Postgres database is Active, but when I go to Secrets Manager, it is not available to select. What am I doing wrong?
Related
I have a general question for the rds feature within aws credentials manager. When I get the secret, it looks like this:
Does this mean that these credentials directly will work or is the password encrypted? Like if I wanted to sign into my database with a connection what credentials do I use and do these credentials auto rotate with the cycling feature?
I assume you mean the RDSDataClient to access a database such as a Serverless Amazon Aurora instance.
To successfully connect to the database using the RdsDataClient object, you must setup an AWS Secrets Manager secret that is used for authentication. For information, see Rotate Amazon RDS database credentials automatically with AWS Secrets Manager.
To see an AWS tutorial that shows this concept and the corresponding code, see this example that uses the AWS SDK for Kotlin. You will need these values to make a successful connection:
private val secretArnVal = "<Enter the secret manager ARN>"
private val resourceArnVal = "<Enter the database ARN>" ;
See the full example here:
Creating the Serverless Amazon Aurora item tracker application using the Kotlin RdsDataClient API
I just tested this again (been a while since it was developed), and it works perfectly.
We will port this example to use other supported programming languages too - like AWS SDK for Java.
UPDATE
You only need to use Secret Manager when using the RDSDataClient. As mentioned in that tutorial, the RdsDataClient object is only supported for an Aurora Serverless DB cluster or an Aurora PostgreSQL. If you are using MySQL RDS, you cannot use the the RdsDataClient object. You would use a supported JDBC API.
I've been trying to access my AWS RDS database with my secrets manager, whenever I try to access the query editor it shows me connect to the database dialog, from there I select "Connect with Secret Manager ARN", after that I paste my secret manager ARN and click on connect!
every time it comes to an end with this error: Connection failed, please double check your database username, password, and assure the database is available.
The secret manager ARN I use is created using the option "Credentials for RDS connection" and the appropriate database is selected, what else should I do to have access to the database using secrets manager.
Note:
The data API is already enabled and I can successfully connect with database credentials but not with the secret manager ARN.
I have one RDS postgres instance which hosts multiple databases, these databases have their own usernames/passwords with which different applications connect. I want to store passwords for different databases in secrets manager but in secret manager i only see option to select the RDS instance and not the DBs inside that, so is it possible to store passwords for different databases in one RDS instance using secret type as "Credentials for RDS database", if yes then how ?
Yes you can. What you see in AWS Console, is just a simplified convenience frontend for storing master root password for your RDS. But in SM you can store any string you want, including for credentials for multiple databases hosted on a single RDS instance.
Just choose:
Select secret type -> Other type of secrets
and specify json string, or any format you want in Plaintext.
i'm trying to rewrite my infrastructure to cdk, I want to create ECS cluster with rails app with RDS MySQL, but I don't want to allow rails to connect with admin credentials, so I need to create rails user in db with proper GRANTS, how can I add mysql user with credentials from SSM with specific GRANTS?
We were planning to migrate from local Oracle database to AWS Aurora(Posgres) in my customer's AWS account with AWS DMS, but my customer told us they don't know whether AWS DMS is allowed to use or not in their AWS account(due to their company rule).
So, we are planning to do follow action in case of AWS DMS is impossible.
First: Migrate from local Oracle database to AWS Aurora(Posgres) in our AWS account with AWS DMS.
Second: Migrate from AWS Aurora(Posgres) in our AWS account to AWS Aurora(Posgres) in my customer's AWS account.
I tried searching how to migrate, but could't find the answer.
Does anyone know the idea?
Your architecture works.
I believe that you won't have any problem with the first step.
But for the second one, you have the following options:
If your AWS account can connect to your customer AWS Aurora, you can use DMS in your account to migrate your database.
If your AWS account can't connect to your customer AWS Aurora, you can create a dump file, send it to your customer and restore the dump in their account.