“I have checked the AWS documentation to resolve the issue of formation of existing AWS Secrets Manager secrets across regions using replication and the AWS CLI. So I checked various solutions and found out that it can be a possible replication option of the AWS Secrets Manager service and using the AWS CLI. Pricing of AWS Secrets Manager depends on the number of requests.”
AWS Secrets Manager helps you manage, retrieve and rotate database credentials, application credentials, OAuth tokens, API keys and other secrets throughout their lifecycles. Many AWS services store and use secrets in Secrets Manager.
Secrets Manager improves your security posture because you no longer need hard-coded credentials in application source code. Storing credentials in Secrets Manager removes them from anything an attacker could read by inspecting your application or its components. You replace the hard-coded credential with a runtime call to the Secrets Manager service that retrieves the credential only when it is needed.
The AWS Command Line Interface (AWS CLI) is an open source tool that enables you to interact with AWS services using commands in your command-line shell. With minimal configuration, the AWS CLI enables you to start running commands that implement functionality equivalent to that provided by the browser-based AWS management console from the command prompt in your terminal program.
In this post, you will see how to get existing AWS Secrets Manager secrets into another region, first with the built-in replication feature and then with the AWS CLI. Secrets Manager holds the credentials, and the copy to the second region is done either through the Replication option or through AWS CLI commands.
Architecture Overview
The architecture diagram shows the overall deployment with the data flow between AWS Secrets Manager and CloudShell.
Solution overview
The blog post consists of the following phases:
- Store a secret in Secrets Manager and replicate the secret to another region
- Create an existing secret from the source region in the target region using the AWS CLI
Phase 1: Store a Secret in Secrets Manager and Replicate the Secret to Another Region
- Open Secrets Manager, store a secret with the key/value pair details, give the secret a name and store it.
- To replicate the existing secret to another region, open the secret, go to the Replication tab and enter the target region together with the encryption key the replica should use. Once replication succeeds, the same secret appears in the target region and stays in sync: any change to the source secret is replicated to the target. The secret versions created can be checked on the replica.
- Furthermore, the option “Promote replica to a standalone secret” detaches the target secret from the source so it no longer receives updates. If the target secret is no longer required, delete it through the replica delete option in the source region.
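The same Phase 1 steps (replicate, watch the replication status, promote the replica, delete the replica) as AWS CLI calls, added here as an example so the procedure can be scripted and reviewed; this is not code from the original post. It assumes AWS CLI v2 with credentials allowed to call ReplicateSecretToRegions, DescribeSecret, StopReplicationToReplica and RemoveRegionsFromReplication. The region names, secret name and KMS alias are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): Phase 1 replication steps as AWS
# CLI calls. Region names, secret names and the KMS alias are placeholders.
set -eu

# Start replicating an existing secret into one more region. The replica is
# encrypted with a KMS key that lives in the target region; the default is the
# AWS managed key. A customer managed key must exist in that region too.
replicate_secret() {
  local src_region="$1" name="$2" target_region="$3"
  local kms_key="${4:-alias/aws/secretsmanager}"
  aws secretsmanager replicate-secret-to-regions \
      --region "$src_region" --secret-id "$name" \
      --add-replica-regions "Region=$target_region,KmsKeyId=$kms_key" \
      --query 'ReplicationStatus[].[Region,Status]' --output text
}

# Poll the source secret until the replica reports InSync (success), Failed,
# or the attempt budget runs out. Prints the final status; non-zero on failure.
wait_for_replica() {
  local src_region="$1" name="$2" target_region="$3" attempts="${4:-30}"
  local i=1 status
  while [ "$i" -le "$attempts" ]; do
    status=$(aws secretsmanager describe-secret \
        --region "$src_region" --secret-id "$name" \
        --query "ReplicationStatus[?Region=='$target_region'].Status | [0]" \
        --output text)
    case "$status" in
      InSync) echo InSync; return 0 ;;
      Failed) echo Failed; return 1 ;;
    esac
    i=$((i + 1))
    sleep "${POLL_SECONDS:-5}"
  done
  echo Timeout
  return 1
}

# Promote the replica to a standalone secret: this runs against the TARGET
# region. Afterwards the two secrets drift independently, so a rotation in the
# source region no longer reaches the target.
promote_replica() {
  local target_region="$1" name="$2"
  aws secretsmanager stop-replication-to-replica \
      --region "$target_region" --secret-id "$name" \
      --query 'ARN' --output text
}

# Delete a replica from the SOURCE region; this is the CLI form of the console's
# replica delete option and does not touch the primary secret. Prints the
# regions that still hold replicas (None when there are none left).
remove_replica() {
  local src_region="$1" name="$2" target_region="$3"
  aws secretsmanager remove-regions-from-replication \
      --region "$src_region" --secret-id "$name" \
      --remove-replica-regions "$target_region" \
      --query 'ReplicationStatus[].Region' --output text
}

# Manual run: RUN_REPLICATION_DEMO=1 SECRET_NAME=my/secret sh replicate.sh
if [ "${RUN_REPLICATION_DEMO:-0}" = "1" ]; then
  replicate_secret ap-south-1 "${SECRET_NAME:?set SECRET_NAME}" us-east-1
  wait_for_replica ap-south-1 "$SECRET_NAME" us-east-1
fi
```

Polling DescribeSecret rather than assuming success matters because replication can end in Failed (for example when the chosen KMS key is not usable in the target region), and a script that moves on to the next step would then be working against a secret that does not exist. Every one of these calls is recorded by CloudTrail, so a replica appearing in an unexpected region is something a detection rule on ReplicateSecretToRegions can flag.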
Phase 2: Create an Existing Secret from the Source Region in the Target Region Using the AWS CLI
- Open the CloudShell console, list the secrets and retrieve the secret value from the source region with AWS CLI commands. Then create a secret in the target region from that secret string, again with AWS CLI commands.
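The Phase 2 copy as a small script, added here as an example and not taken from the original post. It assumes AWS CLI v2 with credentials that may call GetSecretValue in the source region and CreateSecret or PutSecretValue in the target region; the region names and secret names are placeholders. The point it adds to the steps above is that the secret value is handed to the CLI through a temporary file rather than as a literal argument, so it never shows up in process listings or shell history.

```shell
#!/bin/sh
# Added example (not from the original post): copy one existing secret from a
# source region to a target region with the AWS CLI. Regions and names are
# placeholders.
set -eu

# List the secret names in a region (names only, never values).
list_secret_names() {
  local region="$1"
  aws secretsmanager list-secrets --region "$region" \
      --query 'SecretList[].Name' --output text
}

# Print the SecretString of one secret. Capture it into a variable or file;
# do not echo it to a terminal or a log.
read_secret_string() {
  local region="$1" name="$2"
  aws secretsmanager get-secret-value --region "$region" --secret-id "$name" \
      --query 'SecretString' --output text
}

# Create the secret in the target region, or add a new version if it already
# exists there. The value goes to the CLI through a 0600 temp file using the
# file:// prefix, so it never appears on a command line. Prints the ARN.
write_secret_string() {
  local region="$1" name="$2" value="$3"
  local tmp rc=0
  tmp=$(umask 077 && mktemp)
  printf '%s' "$value" > "$tmp"
  if aws secretsmanager describe-secret --region "$region" --secret-id "$name" \
        >/dev/null 2>&1; then
    aws secretsmanager put-secret-value --region "$region" --secret-id "$name" \
        --secret-string "file://$tmp" --query 'ARN' --output text || rc=$?
  else
    aws secretsmanager create-secret --region "$region" --name "$name" \
        --secret-string "file://$tmp" --query 'ARN' --output text || rc=$?
  fi
  rm -f "$tmp"
  return "$rc"
}

# Read from the source region, write to the target region under the same name.
copy_secret() {
  local src_region="$1" dst_region="$2" name="$3"
  local value
  value=$(read_secret_string "$src_region" "$name")
  write_secret_string "$dst_region" "$name" "$value"
}

# Manual run: RUN_COPY_DEMO=1 SECRET_NAME=my/secret sh copy_secret.sh
if [ "${RUN_COPY_DEMO:-0}" = "1" ]; then
  copy_secret "${SRC_REGION:-ap-south-1}" "${DST_REGION:-us-east-1}" \
      "${SECRET_NAME:?set SECRET_NAME}"
fi
```

Unlike a replica, the copy made this way is a separate secret: later rotations or edits in the source region do not reach it, so it needs its own rotation or a re-run of the copy. GetSecretValue calls are logged in CloudTrail, which is where a bulk export of many secrets by one principal would be visible. create-secret also accepts --kms-key-id if the target region should use a customer managed key instead of the AWS managed one.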
Clean-up
Delete the secrets created in Secrets Manager, including any replicas in the target region.
Pricing
I reviewed the pricing and estimated cost of this example:
Cost of Secrets Manager: 0.001 secrets and 127 requests = $0.0
Cost of Key Management Service: 45 requests (ap-south-1, us-east-1 and us-west-2) = $0.0
Summary
In this post, I showed how to get existing AWS Secrets Manager secrets into another region using replication and the AWS CLI.
For more details on AWS Secrets Manager, check out Get started with AWS Secrets Manager and open the AWS Secrets Manager console. To learn more, read the AWS Secrets Manager documentation.
Thanks for reading!
Connect with me: Linkedin