amazon-web-servicesaws-serverlessaws-secrets-manageraws-aurora-serverlessaws-rds-data-service

What format should the secret-string take to connect to an Aurora Postgres database using AWS data api?


First, everything I am doing is from the CLI. I don't have permissions to use the web interface. I am trying to make a call to an existing Aurora Postrgres database using the AWS data api. I am following the directions on this page:

https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html

I am stuck on the section "Storing database credentials in AWS Secrets Manager".

I know how to create a secret (aws secretsmanager create-secret --name test2 --secret-string "{"Key":"test","Value":"12345"}") but I don't know what the --secret-string should be storing the database credentials.

All the documentation says is "Use Secrets Manager to create a secret that contains credentials for the Aurora DB cluster.", but it doesn't say what format the credentials should take.

When connecting to the database from my IDE I need to include the host, port, user, password, and database name. Do I need to include all of these in the secret-string?

"{"host":"my host","port":"12345","user":"my user","password":"my password","db_name":"my db name"}"


Solution

  • The SecretString templates for different databases are listed in Templates for Amazon RDS Databases.

    For PostgreSQL the template is (I checked by manually creating secret in AWS console):

    {
      "username": "postgres",
      "password": "adminpass",
      "engine": "postgres",
      "host": "<host-url>",
      "port": 5432,
      "dbClusterIdentifier": "<e.g. database-1>"
    }
    

    Alternatively, you can create the secret in AWS console, and inspect its structure. Then you can re-create the structure using AWS CLI.