aws-secrets-manager-rotation-lambdas
Provisioning of MySQL users
Discussed in https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/discussions/150
Originally posted by estahn October 31, 2024

It would be great for the rotation function to create the user if it doesn't exist and grant the required permissions. This would act as an operator to sync Secrets Manager with MySQL users.

The secret would probably need to contain some further settings, e.g.
```json
{
  "dbClusterIdentifier": "foboar",
  "engine": "mysql",
  "host": "myhost.ap-southeast-2.rds.amazonaws.com",
  "password": "foobarfoobarfoobar",
  "port": "3306",
  "username": "test-deleteme",
  "masterarn": "arn:aws:secretsmanager:ap-southeast-2:12345:secret:rds!cluster-0361984b970e",
  "rotate_cfg_user_host": "%",
  "rotate_cfg_grants": "SELECT, INSERT, UPDATE, DELETE ON `mydb`.*"
}
```
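With the proposed fields, `rotate_cfg_grants` is free text from the secret that ends up inside a `GRANT` statement, so it needs strict validation before use. The sketch below is an added example, not part of the original post or of the repository's code: it turns such a secret into `CREATE USER` / `GRANT` statements, binding values as driver parameters and checking the grant text against an allowlist. The function names, the privilege allowlist and the validation patterns are assumptions.

```python
import re

# Privileges this provisioner may hand out (assumed allowlist; adjust per policy).
ALLOWED_PRIVS = {"SELECT", "INSERT", "UPDATE", "DELETE"}
IDENT = r"[A-Za-z0-9_]+"
# Accepts "<privs> ON `db`.*" or "<privs> ON `db`.`table`" and nothing else.
GRANT_RE = re.compile(rf"([A-Za-z ,]+) ON `({IDENT})`\.(\*|`{IDENT}`)")
HOST_RE = re.compile(r"[A-Za-z0-9_.%:-]{1,255}")
USER_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")

def parse_grants(spec):
    """Validate rotate_cfg_grants and return a normalised GRANT body."""
    m = GRANT_RE.fullmatch(spec.strip())
    if not m:
        raise ValueError("rotate_cfg_grants is not '<privs> ON `db`.<obj>'")
    privs = [p.strip().upper() for p in m.group(1).split(",")]
    bad = [p for p in privs if p not in ALLOWED_PRIVS]
    if bad:
        raise ValueError(f"privilege not allowed: {bad}")
    return f"{', '.join(privs)} ON `{m.group(2)}`.{m.group(3)}"

def build_provision_statements(secret):
    """Return (sql, params) pairs; values are bound by the driver, not formatted in."""
    user = secret["username"]
    host = secret.get("rotate_cfg_user_host", "%")
    if not USER_RE.fullmatch(user) or not HOST_RE.fullmatch(host):
        raise ValueError("invalid username or rotate_cfg_user_host")
    grants = parse_grants(secret["rotate_cfg_grants"])
    return [
        ("CREATE USER IF NOT EXISTS %s@%s IDENTIFIED BY %s",
         (user, host, secret["password"])),
        # GRANT targets cannot be bound as parameters, hence the strict parse above.
        (f"GRANT {grants} TO %s@%s", (user, host)),
    ]

# Constructed sample mirroring the fields proposed above.
SAMPLE = {
    "username": "test-deleteme",
    "password": "foobarfoobarfoobar",
    "rotate_cfg_user_host": "%",
    "rotate_cfg_grants": "SELECT, INSERT, UPDATE, DELETE ON `mydb`.*",
}

if __name__ == "__main__":
    for sql, params in build_provision_statements(SAMPLE):
        print(sql, "<%d bound values>" % len(params))
```

Each `(sql, params)` pair is meant to be passed to a DB-API cursor's `execute(sql, params)` on a connection opened with the `masterarn` credentials.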