aws-secrets-manager-rotation-lambdas
Contains Lambda functions to be used for automatic rotation of secrets stored in AWS Secrets Manager
Currently the code (for example [SecretsManagerRDSPostgreSQLRotationSingleUser](https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/blob/master/SecretsManagerRDSPostgreSQLRotationSingleUser/lambda_function.py)) uses the existing password (in the secret) to authenticate/login and then rotates it (as the [documentation](https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/blob/master/SecretsManagerRDSPostgreSQLRotationSingleUser/lambda_function.py#L20) explains). Probably a minor improvement, but does it...
*Issue #, if available:* *Description of changes:* Added source code for a .NET-based Lambda function to rotate secrets. Also included an example for Let's Encrypt private keys. By submitting...
Here is the YAML configuration for deploying the AWS::Serverless::Application
```
RDSSecretRotationService:
  Type: "AWS::Serverless::Application"
  Properties:
    Location:
      ApplicationId: arn:aws:serverlessrepo:region:id:applications/SecretsManagerRDSPostgreSQLRotationSingleUser
      SemanticVersion: 1.0.117
    Parameters:
      endpoint: !Sub "https://secretsmanager.${AWS::Region}.${AWS::URLSuffix}"
      functionName:
        Fn::Join:
          - ""
          - - Fn::ImportValue:...
```
*Issue #, if available:* https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/issues/47 https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/issues/48 *Description of changes:* Line#201 - 203 fixes the bug if the GET_GRANTED_DDL contains more than one sql. Line#302 fixes the bug of failing to...
Edit rotation function comment to clarify that permissions are not kept in sync during scheduled rotations *Issue #, if available:* Confusion regarding permissions being kept in sync during scheduled rotations...
From: https://forums.aws.amazon.com/thread.jspa?threadID=322708 1. We create an environment and apply a bunch of grants. 2. A rotation occurs. This copies the grants over to the new user that's created. 3. We...
If engine is missing, assume that the user still wants to rotate the secret. If the user deliberately tries to connect to a non-postgres database, the right place to fail...
I created an alternative solution to the ownership problem for the multi-user-rotation. The solution provided by @thekevinbrown in issue #39 didn't work in our case. https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/pull/39#issuecomment-646551901 *Issue #, if available:*...
*Issue #, if available:* #38 *Description of changes:* Preserves grants on each rotation. By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution,...
We've had some issues with some characters that are not excluded on mariadb. We are excluding the following: '%{}`/@"\'\\' It would be nice if that was configurable. It would also...