1
votes

I need help writing the lambda function: I have two users, one readonly and one read_write_user. I want to rotate the password of read_write_user periodically with the help of the readonly user. Periodically means I will set a cron expression for a lambda to run every 15 days or something like that. I do not want to use the rotation configuration of Secrets Manager. How can I achieve this? I tried using https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/blob/master/SecretsManagerRDSMySQLRotationMultiUser/lambda_function.py but it is way more complex than what I need.

1
I'm confused. Your title says you want to use Secrets Manager, but your question says you do not want to use it. Could you please edit your question to clarify your desire? Do you wish to keep the current password in Secrets Manager? Also, what do you mean by "with the help of readonly user"? – John Rotenstein
I want to use Secrets Manager to retrieve the secrets stored, but I do not want to use the rotation configuration option that Secrets Manager provides. – user9951102
In that case, you'll have to write your own code (or extract relevant code from that function) that logs into the database and sets the password. See the part that mentions IDENTIFIED BY, which sets the password. – John Rotenstein
Can you please help me with how to extract and make the code work? – user9951102

1 Answer

0
votes

If this is a standard RDS database, you can use the Secrets Manager console to set this up for you and you will not need to create your own lambda.

Put your master RDS password in Secrets Manager. If you do not remember the master password, you can reset it using the RDS console. Now you can rotate both your read-only and read-write users by setting this up in the console. When you go to set it up, choose the option "Use a secret that I have previously stored in AWS Secrets Manager" and select your master password as the password to use to perform the rotation.

You can also set up "single user rotation" on your master password. When you set it up in the console, just choose "Use the same credentials" when it asks what credentials to use.
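For completeness, here is what the custom-Lambda route suggested in the comments looks like when written with the ordering the Secrets Manager staging labels are designed for. This is an added example, not code from the thread or from the AWS sample; it assumes the secret is a JSON document with the keys username, password, host, port and dbname, that the function is invoked by an EventBridge schedule, and that the secret's ARN arrives in the SECRET_ID environment variable (all of these are assumptions, not something the question states).

```python
import json
import os

# Characters excluded from the generated password so it is safe inside a SQL
# string literal and in connection strings; everything else stays allowed.
EXCLUDE_CHARS = "'\"\\/@`;"


def rotate_password(sm, connect, secret_id):
    """Rotate the MySQL credential stored as JSON in `secret_id`.

    sm      -- a boto3 Secrets Manager client (or a stand-in with the same methods)
    connect -- callable(host, port, user, password, dbname) -> DB-API connection
    Ordering is the point: the new password is written to Secrets Manager as
    AWSPENDING before it is set in the database, and promoted to AWSCURRENT only
    after the ALTER USER succeeds. A crash at any step leaves a secret version
    that still matches the database, never a password that exists only in MySQL.
    """
    cur_ver = sm.get_secret_value(SecretId=secret_id, VersionStage="AWSCURRENT")
    current = json.loads(cur_ver["SecretString"])
    pending = dict(current)
    pending["password"] = sm.get_random_password(
        PasswordLength=32, ExcludeCharacters=EXCLUDE_CHARS)["RandomPassword"]
    new_ver = sm.put_secret_value(SecretId=secret_id, SecretString=json.dumps(pending),
                                  VersionStages=["AWSPENDING"])
    # Single-user rotation: the account changes its own password, so no master
    # credential is needed. With a master secret you would connect as that user
    # and run ALTER USER 'name'@'%' IDENTIFIED BY %s instead.
    conn = connect(current["host"], int(current.get("port", 3306)),
                   current["username"], current["password"], current.get("dbname"))
    try:
        with conn.cursor() as cur:
            # The password is passed as a parameter, never formatted into the SQL.
            cur.execute("ALTER USER CURRENT_USER() IDENTIFIED BY %s", (pending["password"],))
        conn.commit()
    finally:
        conn.close()
    # Promote the new version; the version losing AWSCURRENT becomes AWSPREVIOUS.
    sm.update_secret_version_stage(SecretId=secret_id, VersionStage="AWSCURRENT",
                                   MoveToVersionId=new_ver["VersionId"],
                                   RemoveFromVersionId=cur_ver["VersionId"])
    return new_ver["VersionId"]


def lambda_handler(event, context):
    """Entry point for the scheduled (EventBridge cron) invocation."""
    import boto3    # imported here so the rotation logic above stays testable offline
    import pymysql

    def connect(host, port, user, password, dbname):
        return pymysql.connect(host=host, port=port, user=user, password=password,
                               database=dbname, connect_timeout=5)

    version = rotate_password(boto3.client("secretsmanager"), connect, os.environ["SECRET_ID"])
    return {"rotated_version": version}
```

Between the ALTER USER and the stage move, a client that reads AWSCURRENT still gets the old password; that window is the reason the AWS sample linked in the question alternates between two users rather than rotating one in place.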