
AWS SecretsManager


  1. Presented By: Mohit Saxena AWS SecretsManager
  2. Lack of etiquette and manners is a huge turn off. KnolX Etiquettes Punctuality Join the session 5 minutes prior to the session start time. We start on time and conclude on time! Feedback Make sure to submit constructive feedback for all sessions as it is very helpful for the presenter. Silent Mode Keep your mobile devices in silent mode, feel free to move out of the session in case you need to attend an urgent call. Avoid Disturbance Avoid unwanted chit chat during the session.
  3. Our Agenda 01 04:15 PM Overview 02 04:20 PM Uses 03 04:25 PM Features 04 04:30 PM Encryption 05 04:40 PM Rotation Demo
  4. AWS SecretsManager Overview AWS SecretsManager enables customers to rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. ● IT Admins: Store and manage access to secrets securely and at scale. ● Security Admins: Audit and monitor the use of secrets, and rotate secrets without a risk of breaking applications. ● Developers: Avoid dealing with secrets in their applications.
  5. What Do We Want To Do?
  6. Features Easy to use: ● Built-in integrations for rotating MySQL, PostgreSQL, and Amazon Aurora on RDS. ● Extensible with Lambda. ● Use versioning so that applications don't break when secrets are rotated. Fine-grained access control: ● IAM policies.
  7. Features Secure/Audit/Monitor: ● Encrypted by default using encryption keys owned by the customer. ● Integrated with CloudTrail and CloudWatch. E.g., send an SNS notification when an administrator deletes a secret. Pay as you go: ● No annual license or up-front cost. ● $0.40 per secret per month (pro-rated based on the number of hours). ● $0.05 per 10,000 API calls.
  8. Encryption All secrets protected at-rest and in-transit. At-rest: ● Secrets encrypted at rest using AWS Key Management Service (KMS). ● Choose your desired Customer Master Key (CMK) or AWS managed default encryption key. In-transit: ● Secrets encrypted in transit using Transport Layer Security (TLS). ● All API calls authenticated by SigV4 verification.
  9. How AWS Handles The Rotation? AWS does it in 4 stages and in order: 1. createSecret 2. setSecret 3. testSecret 4. finishSecret
  10. How AWS Handles The Rotation? AWS does it in 4 steps and in order: 1. createSecret 2. setSecret 3. testSecret 4. finishSecret { "SecretId": "arn:aws:secretsmanager...secret:prod/foo-C8F3BL", "ClientRequestToken": "bbbbbbbbbbbbbbbbbbbbbbbb", "Step": "createSecret" }
  11. How AWS Handles The Rotation? Labels: 1. AWSCURRENT 2. AWSPREVIOUS 3. AWSPENDING
  12. How AWS Handles The Rotation?
  13. How AWS Handles The Rotation?
  14. How AWS Handles The Rotation?
  15. How AWS Handles The Rotation?
  16. Demo
  17. Thank You! Get in touch with us: Lorem Studio, Lord Building D4456, LA, USA
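
The four rotation steps and three staging labels from slides 9 to 11, as an added example that is not part of the original deck: an in-memory simulation of how the labels move when each step event arrives. `SimulatedSecret`, `rotate_step`, `rotate`, the `v-initial` version id and the sample values are hypothetical names, no AWS API is called, and dropping AWSPENDING at the end is a simplification of this simulation.

```python
import secrets

STEPS = ("createSecret", "setSecret", "testSecret", "finishSecret")

class SimulatedSecret:
    """In-memory stand-in for one secret (hypothetical, not an AWS API)."""
    def __init__(self, value):
        self.versions = {"v-initial": value}       # version id -> secret value
        self.labels = {"AWSCURRENT": "v-initial"}  # staging label -> version id
        self.backend_password = value              # what the simulated database accepts

def rotate_step(secret, event):
    """Apply one rotation step and return the staging labels afterwards."""
    token, step = event["ClientRequestToken"], event["Step"]
    if step not in STEPS:
        raise ValueError(f"unknown step: {step}")
    if secret.labels.get("AWSCURRENT") == token:
        return dict(secret.labels)  # already finished for this token: retry is a no-op
    if step == "createSecret":
        # Idempotent: a retried invocation must not mint a second candidate.
        if token not in secret.versions:
            secret.versions[token] = secrets.token_urlsafe(24)
        secret.labels["AWSPENDING"] = token
    elif secret.labels.get("AWSPENDING") != token:
        raise RuntimeError(f"{step}: token is not the AWSPENDING version")
    elif step == "setSecret":
        secret.backend_password = secret.versions[token]
    elif step == "testSecret":
        if secret.backend_password != secret.versions[token]:
            raise RuntimeError("backend rejected the pending credential")
    else:  # finishSecret: promote the candidate, keep the old version for rollback
        secret.labels["AWSPREVIOUS"] = secret.labels["AWSCURRENT"]
        secret.labels["AWSCURRENT"] = token
        del secret.labels["AWSPENDING"]  # simplification made by this simulation
    return dict(secret.labels)

def rotate(secret, secret_id, token):
    """Run the four steps in order; return (step, labels) after each one."""
    return [(step, rotate_step(secret, {"SecretId": secret_id,
                                        "ClientRequestToken": token,
                                        "Step": step}))
            for step in STEPS]

if __name__ == "__main__":
    demo = SimulatedSecret("old-password")  # constructed sample value
    for step, labels in rotate(demo, "example-secret-id", "token-0001"):
        print(f"{step:13} {labels}")
```

Applications that read AWSCURRENT keep getting the old value until finishSecret runs, which is why a failure in setSecret or testSecret leaves them unaffected.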
