First, everything I am doing is from the CLI. I don't have permissions to use the web interface. I am trying to make a call to an existing Aurora Postrgres database using the AWS data api. I am following the directions on this page:
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html
I am stuck on the section "Storing database credentials in AWS Secrets Manager".
I know how to create a secret (aws secretsmanager create-secret --name test2 --secret-string "{"Key":"test","Value":"12345"}") but I don't know what the --secret-string should be storing the database credentials.
All the documentation says is "Use Secrets Manager to create a secret that contains credentials for the Aurora DB cluster.", but it doesn't say what format the credentials should take.
When connecting to the database from my IDE I need to include the host, port, user, password, and database name. Do I need to include all of these in the secret-string?
"{"host":"my host","port":"12345","user":"my user","password":"my password","db_name":"my db name"}"
The SecretString
templates for different databases are listed in Templates for Amazon RDS Databases.
For PostgreSQL
the template is (I checked by manually creating secret in AWS console):
{
"username": "postgres",
"password": "adminpass",
"engine": "postgres",
"host": "<host-url>",
"port": 5432,
"dbClusterIdentifier": "<e.g. database-1>"
}
Alternatively, you can create the secret in AWS console, and inspect its structure. Then you can re-create the structure using AWS CLI.