2. Lack of etiquette and manners is a huge turn-off.
KnolX Etiquettes
Punctuality
Join the session 5 minutes prior to
the session start time. We start on
time and conclude on time!
Feedback
Make sure to submit constructive
feedback for all sessions, as it is
very helpful for the presenter.
Silent Mode
Keep your mobile devices in silent
mode. Feel free to step out of the
session if you need to attend
an urgent call.
Avoid Disturbance
Avoid unwanted chit chat during
the session.
4. AWS Secrets Manager
Overview
AWS Secrets Manager enables customers to rotate, manage, and retrieve database credentials, API keys,
and other secrets throughout their lifecycle.
● IT Admins: Store and manage access to secrets securely and at scale.
● Security Admins: Audit and monitor the use of secrets, and rotate secrets without the risk of breaking
applications.
● Developers: Avoid dealing with secrets in their applications.
6. Features
Easy to use:
● Built-in integrations for rotating MySQL, PostgreSQL, and Amazon Aurora on RDS.
● Extensible with Lambda.
● Use versioning so that applications don't break when secrets are rotated.
Fine-grained access control:
● IAM policies.
7. Features
Secure/Audit/Monitor:
● Encrypted by default using encryption keys owned by the customer.
● Integrated with CloudTrail and CloudWatch, e.g., send an SNS notification when an administrator
deletes a secret.
Pay as you go:
● No annual license or upfront cost.
● $0.40 per secret per month (pro-rated based on the number of hours).
● $0.05 per 10,000 API calls.
8. Encryption
All secrets protected at-rest and in-transit.
At-rest:
● Secrets encrypted at rest using AWS Key Management Service (KMS).
● Choose your desired Customer Master Key (CMK) or AWS managed default encryption key.
In-transit:
● Secrets encrypted in transit using Transport Layer Security (TLS).
● All API calls authenticated by SigV4 verification.
9. How AWS Handles The Rotation?
AWS does it in 4 stages and in order:
1. createSecret
2. setSecret
3. testSecret
4. finishSecret
10. How AWS Handles The Rotation?
AWS does it in 4 steps and in order:
1. createSecret
2. setSecret
3. testSecret
4. finishSecret
{
  "SecretId": "arn:aws:secretsmanager...secret:prod/foo-C8F3BL",
  "ClientRequestToken": "bbbbbbbbbbbbbbbbbbbbbbbb",
  "Step": "createSecret"
}
11. How AWS Handles The Rotation?
Labels:
1. AWSCURRENT
2. AWSPREVIOUS
3. AWSPENDING
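The four steps and three labels above, tied together in an added example (not code from the slides or from AWS). It uses a constructed in-memory model rather than the real API; FakeSecret, rotation_handler, rotate and the target dict are hypothetical names, and the events have the shape shown on slide 10.

```python
import secrets

STEPS = ("createSecret", "setSecret", "testSecret", "finishSecret")

class FakeSecret:
    """Constructed in-memory model of one secret: versions plus staging labels."""
    def __init__(self, version_id, value):
        self.values = {version_id: value}         # version id -> secret value
        self.stages = {"AWSCURRENT": version_id}  # staging label -> version id

    def read(self, stage="AWSCURRENT"):
        return self.values[self.stages[stage]]

def rotation_handler(event, secret, target):
    """Run one step. `target` is a dict standing in for the database account."""
    token, step = event["ClientRequestToken"], event["Step"]
    if step == "createSecret":
        # Idempotent: a retried step must not mint a second pending value.
        if secret.stages.get("AWSPENDING") != token:
            secret.values[token] = secrets.token_urlsafe(24)
            secret.stages["AWSPENDING"] = token
    elif step == "setSecret":
        target["password"] = secret.values[token]
    elif step == "testSecret":
        if target["password"] != secret.values[token]:
            raise RuntimeError("pending credential rejected by target")
    elif step == "finishSecret":
        if secret.stages["AWSCURRENT"] != token:
            secret.stages["AWSPREVIOUS"] = secret.stages["AWSCURRENT"]
            secret.stages["AWSCURRENT"] = token
            secret.stages.pop("AWSPENDING", None)  # simplification of this model
    else:
        raise ValueError(f"unknown step: {step}")

def rotate(secret, target, secret_id, token, stop_after="finishSecret"):
    """Send the four events in order, optionally stopping early to inspect state."""
    for step in STEPS:
        event = {"SecretId": secret_id, "ClientRequestToken": token, "Step": step}
        rotation_handler(event, secret, target)
        if step == stop_after:
            break
    return dict(secret.stages)
```

Stopping after testSecret shows why the labels matter: readers asking for AWSCURRENT still receive the old version until finishSecret moves the label, and the old version stays reachable as AWSPREVIOUS afterwards.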