Access DB credentials from AWS Secrets Manager and rotate the password using AWS Lambda

What is AWS Secrets Manager?

AWS Secrets Manager is a secrets management service that helps you protect access to your applications, services, and IT resources. It lets you rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their life cycle.

AWS Secrets Manager demo:

With AWS Secrets Manager, you can easily rotate secrets, such as database credentials, using built-in integration for Amazon RDS for MySQL, PostgreSQL, and Amazon Aurora.

Hey guys, welcome back. In this article I will demonstrate the usage of Secrets Manager in AWS.

The example we're going to take is Python code connecting to my database, which is in AWS. The Python code requires the username, password and host name of the relational database.

Now the question is where to store sensitive information like the password. There are several different options to handle this, but in this demo let's see how to use Secrets Manager to securely store our credentials.

Step 1:

For the purpose of this demo I have created a Relational Database Service (RDS) instance with the MySQL engine in AWS.

Step 2:

Let's go and find its connection details: we need its endpoint, port number, username and password.

I'm using MySQL Workbench for interacting with my database.

Here you can provide details of the Hostname(endpoint), Username, port & password.

Then click Test Connection.

Initially, I want to have a table so that my application written in Python can interact with this database server and insert data into it.

I am going to create a table for employees; it has ID and name columns.

The employee table is now created.

Step 3:

I have written a small piece of Python code using the MySQL Connector driver.

Recommended: Python 3, MySQL Connector (pip install mysql-connector-python), boto3 (pip install boto3) and the AWS CLI configured (aws configure).

Code:

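    import mysql.connector

    # Connection details are hard-coded here; Step 5 reads them from Secrets Manager instead
    mydb = mysql.connector.connect(
        host="Enter your endpoint url",
        user="Username",
        passwd="Password",
        database="databasename",
    )
    mycursor = mydb.cursor()

    # Parameterized insert: the driver fills in the %s placeholders
    sql = "insert into employess (id, name) values (%s,%s);"
    val = (1, "kashvi")
    mycursor.execute(sql, val)
    mydb.commit()
    print(mycursor.rowcount, "record inserted.")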

After running this program 1 record is inserted into the table.

Step 4:

Create a secret in Secrets Manager.

  • Search for Secrets Manager
  • Click on Store a new secret
  • Then choose the secret type; in this demo we use Credentials for Amazon RDS database
  • Provide the username and password of your RDS database
  • Select your database and then click Next
  • Here you can provide the name of your secret
  • Then click Next
  • Turn on the automatic rotation option
  • Set the time unit
  • Create the Lambda rotation function, then click Next

Rotation is the process of updating a secret from time to time. When you rotate a secret, you update the credentials in both the secret and the database or service. You can set up automatic rotation of your secrets in Secrets Manager.

  • Now review your configuration and then click the store button
  • You have successfully created the secret.
  • Now click on the secret name
  • Click Retrieve secret value

Step 5:

Now we write Python code that reads the value from Secrets Manager and uses it to connect to our database.

For that we use boto3, which we already installed earlier.

Code:-

    import json

    import boto3
    import mysql.connector

    # Read the secret; region and credentials come from the AWS CLI configuration
    client = boto3.client('secretsmanager')
    response = client.get_secret_value(SecretId='Provide your secret name')
    secretDict = json.loads(response['SecretString'])

    # Connect with the values stored in the secret instead of hard-coded ones
    mydb = mysql.connector.connect(
        host=secretDict['host'],
        user=secretDict['username'],
        passwd=secretDict['password'],
        database=secretDict['dbname'],
    )
    mycursor = mydb.cursor()

    sql = "insert into employess (id, name) values (%s,%s);"
    val = (2, "hari")
    mycursor.execute(sql, val)
    mydb.commit()
    print(mycursor.rowcount, "record inserted.")

  • After executing this code, one more record is inserted.
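Because Step 4 turns on automatic rotation, a long-running program that keeps the credentials it read at startup will eventually hold a stale password. The following added example (not part of the original article) caches the secret and re-reads it once when MySQL rejects the login with error 1045; the class name, the fake client and connector, and all sample values are constructed for illustration.

```python
import json
ACCESS_DENIED = 1045  # MySQL ER_ACCESS_DENIED_ERROR; mysql.connector exposes it as .errno

class RotationAwareConnector:
    """Caches the secret and re-reads it once if MySQL rejects the cached login."""
    def __init__(self, client, secret_id, connect):
        # Real wiring (assumed): boto3.client("secretsmanager"), mysql.connector.connect
        self.client, self.secret_id, self.connect = client, secret_id, connect
        self.secret, self.fetches = None, 0

    def _refresh(self):
        resp = self.client.get_secret_value(SecretId=self.secret_id)
        self.secret = json.loads(resp["SecretString"])
        self.fetches += 1

    def _open(self):
        s = self.secret
        return self.connect(host=s["host"], user=s["username"],
                            passwd=s["password"], database=s["dbname"])

    def connection(self):
        if self.secret is None:
            self._refresh()
        try:
            return self._open()
        except Exception as exc:
            if getattr(exc, "errno", None) != ACCESS_DENIED:
                raise  # network or schema errors are not a rotation problem
        self._refresh()      # the password was probably rotated after we cached it
        return self._open()  # a second rejection propagates to the caller

def demo():
    """Offline run against constructed stand-ins for Secrets Manager and MySQL."""
    secret = {"host": "db.example.internal", "username": "admin",
              "password": "old-constructed-pw", "dbname": "demo"}
    class FakeSecrets:
        def get_secret_value(self, SecretId):
            return {"SecretString": json.dumps(secret)}
    class AccessDenied(Exception):
        errno = ACCESS_DENIED
    def fake_connect(host, user, passwd, database):
        if passwd != secret["password"]:
            raise AccessDenied("Access denied for user")
        return f"connected with {passwd}"

    conn = RotationAwareConnector(FakeSecrets(), "demo/secret", fake_connect)
    first = conn.connection()
    secret["password"] = "new-constructed-pw"  # simulate the rotation Lambda running
    second = conn.connection()
    return first, second, conn.fetches
```

Calling demo() shows the second connection succeeding with the rotated password after exactly one extra fetch of the secret.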

I hope this was helpful. If you have any doubts or questions, you can write them in the comment section below and I will try to answer as soon as I can.

▬▬▬▬▬▬ Connect with me ▬▬▬▬▬▬

Youtube Subscription ► https://bit.ly/2LENtS1

Facebook Page: ► https://www.facebook.com/EasyAWSLearn/

Medium: ► https://techworldwithvijaypatel.mediu...

Dev: ► https://dev.to/easyawslearn

Telegram Channel: https://t.me/devtul
