Amazon RDS databases Amazon DocumentDB databases Amazon Redshift Other types of secrets

Secrets Manager rotation function templates

To create a Lambda rotation function with any of the following templates, we recommend you use the procedures in Automatically rotate an Amazon RDS, Amazon DocumentDB, or Amazon Redshift secret or Automatically rotate a secret. Secrets Manager includes the required dependencies when you turn on rotation, unless you create your Lambda rotation function by hand. The templates support Python 3.7.

Secrets Manager provides the following rotation function templates:

Topics

Amazon RDS databases
Amazon DocumentDB (with MongoDB compatibility) databases
Amazon Redshift
Other types of secrets

Amazon RDS databases

Topics

Amazon RDS MariaDB single user
Amazon RDS MariaDB alternating users
Amazon RDS MySQL single user
Amazon RDS MySQL alternating users
Amazon RDS Oracle single user
Amazon RDS Oracle alternating users
Amazon RDS PostgreSQL single user
Amazon RDS PostgreSQL alternating users
Amazon RDS Microsoft SQLServer single user
Amazon RDS Microsoft SQLServer alternating users

Amazon RDS MariaDB single user

Template name: SecretsManagerRDSMariaDBRotationSingleUser
Supported database/service: MariaDB database hosted on an Amazon Relational Database Service (Amazon RDS) database instance.
Rotation strategy: Single user rotation strategy.
SecretString structure: Amazon RDS MariaDB secret structure.
Source code: https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/tree/master/SecretsManagerRDSMariaDBRotationSingleUser/lambda_function.py

Amazon RDS MariaDB alternating users

Template name: SecretsManagerRDSMariaDBRotationMultiUser
Supported database/service: MariaDB database hosted on an Amazon RDS database instance.
Rotation strategy: Alternating users rotation strategy.
SecretString structure: Amazon RDS MariaDB secret structure.
Source code: https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/tree/master/SecretsManagerRDSMariaDBRotationMultiUser/lambda_function.py

Amazon RDS MySQL single user

Template name: SecretsManagerRDSMySQLRotationSingleUser
Supported database/service: MySQL database hosted on an Amazon Relational Database Service (Amazon RDS) database instance.
Rotation strategy: Single user rotation strategy.
Expected SecretString structure: Amazon RDS MySQL secret structure.
Source code: https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/tree/master/SecretsManagerRDSMySQLRotationSingleUser/lambda_function.py

Amazon RDS MySQL alternating users

Template name: SecretsManagerRDSMySQLRotationMultiUser
Supported database/service: MySQL database hosted on an Amazon RDS database instance.
Rotation strategy: Alternating users rotation strategy.
Expected SecretString structure: Amazon RDS MySQL secret structure.
Source code: https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/tree/master/SecretsManagerRDSMySQLRotationMultiUser/lambda_function.py

Amazon RDS Oracle single user

Template name: SecretsManagerRDSOracleRotationSingleUser
Supported database/service: Oracle database hosted on an Amazon Relational Database Service (Amazon RDS) database instance.
Rotation strategy: Single user rotation strategy.
Expected SecretString structure: Amazon RDS Oracle secret structure.
Source code: https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/tree/master/SecretsManagerRDSOracleRotationSingleUser/lambda_function.py

Amazon RDS Oracle alternating users

Template name: SecretsManagerRDSOracleRotationMultiUser
Supported database/service: Oracle database hosted on an Amazon RDS database instance.
Rotation strategy: Alternating users rotation strategy.
Expected SecretString structure: Amazon RDS Oracle secret structure.
Source code: https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/tree/master/SecretsManagerRDSOracleRotationMultiUser/lambda_function.py

Amazon RDS PostgreSQL single user

Template name: SecretsManagerRDSPostgreSQLRotationSingleUser
Supported database/service: PostgreSQL database hosted on an Amazon RDS database instance.
Rotation strategy: Single user rotation strategy.
Expected SecretString structure: Amazon RDS PostgreSQL secret structure.
Source code: https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/tree/master/SecretsManagerRDSPostgreSQLRotationSingleUser/lambda_function.py

Amazon RDS PostgreSQL alternating users

Template name: SecretsManagerRDSPostgreSQLRotationMultiUser
Supported database/service: PostgreSQL database hosted on an Amazon RDS database instance.
Rotation strategy: Alternating users rotation strategy.
Expected SecretString structure: Amazon RDS PostgreSQL secret structure.
Source code: https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/tree/master/SecretsManagerRDSPostgreSQLRotationMultiUser/lambda_function.py

Amazon RDS Microsoft SQLServer single user

Template name: SecretsManagerRDSSQLServerRotationSingleUser
Supported database/service: Microsoft SQLServer database hosted on an Amazon RDS database instance.
Rotation strategy: Single user rotation strategy.
Expected SecretString structure: Amazon RDS Microsoft SQLServer secret structure.
Source code: https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/tree/master/SecretsManagerRDSSQLServerRotationSingleUser/lambda_function.py

Amazon RDS Microsoft SQLServer alternating users

Template name: SecretsManagerRDSSQLServerRotationMultiUser
Supported database/service: Microsoft SQLServer database hosted on an Amazon RDS database instance.
Rotation strategy: Alternating users rotation strategy.
Expected SecretString structure: Amazon RDS Microsoft SQLServer secret structure.
Source code: https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/tree/master/SecretsManagerRDSSQLServerRotationMultiUser/lambda_function.py

Amazon DocumentDB (with MongoDB compatibility) databases

Amazon DocumentDB single user

Template name: SecretsManagerMongoDBRotationSingleUser
Supported database/service: Amazon DocumentDB
Rotation strategy: Single user rotation strategy.
Expected SecretString structure: Amazon DocumentDB secret structure.
Source code: https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/tree/master/SecretsManagerMongoDBRotationSingleUser/lambda_function.py

Amazon DocumentDB alternating users

Template name: SecretsManagerMongoDBRotationMultiUser
Supported database/service: Amazon DocumentDB
Rotation strategy: Alternating users rotation strategy.
Expected SecretString structure: Amazon DocumentDB secret structure.
Source code: https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/tree/master/SecretsManagerMongoDBRotationMultiUser/lambda_function.py

Amazon Redshift

Amazon Redshift single user

Template name: SecretsManagerRedshiftRotationSingleUser
Supported database/service: Amazon Redshift
Rotation strategy: Single user rotation strategy.
Expected SecretString structure: Amazon Redshift secret structure.
Source code: https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/tree/master/SecretsManagerRedshiftRotationSingleUser/lambda_function.py

Amazon Redshift alternating users

Template name: SecretsManagerRedshiftRotationMultiUser
Supported database/service: Amazon Redshift
Rotation strategy: Alternating users rotation strategy.
Expected SecretString structure: Amazon Redshift secret structure.
Source code: https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/tree/master/SecretsManagerRedshiftRotationMultiUser/lambda_function.py

Other types of secrets

Generic rotation function template

Template name: SecretsManagerRotationTemplate
Supported database/service: None. You supply the code to interact with whatever service you want.
Rotation strategy: You can use this template to implement your own strategy. Rotation templates have four steps: How rotation works. To use a rotation function that you created based on this template, see Automatically rotate a secret.
Expected SecretString structure: You define this.
Source code: https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/tree/master/SecretsManagerRotationTemplate/lambda_function.py

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Customize a rotation function

AWS CloudFormation