Reputation: 59
Right now I am passing the username and password in as environment variables. The variables are retrieved from a different file, so the CloudFormation stored using git does not contain the password and username, which is good. But right now they are stored in plaintext when looking at the Lambda in the console.
What is the best practice for storing these credentials in the most cloud provider agnostic way? I basically just don't want to use KMS or any other key storing AWS service.
Just for completeness, I have also considered storing the password in a DynamoDB table. Then I would use IAM to be able to retrieve those credentials. But those credentials are still stored in plaintext. If this is the best way to retrieve credentials, is there a best way to encrypt them, or is this path not the best?
Thanks for all comments and advice.
Upvotes: 1
Views: 476
Reputation: 6164
We use AWS Secrets Manager for this exact situation. Works perfectly for us.
Upvotes: 5
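A sketch of the Secrets Manager approach from the answer above, as an added example that is not code from either poster: the Lambda fetches the credentials at runtime instead of reading them from environment variables, so only a secret identifier is visible in the console. The `DB_SECRET_ID` variable, the placeholder secret name, the `username`/`password` JSON keys and the five-minute cache are assumptions.

```python
import json
import os
import time

# Assumed names: only the secret's identifier lives in the function's
# environment; the credentials themselves stay in Secrets Manager.
SECRET_ID = os.environ.get("DB_SECRET_ID", "example/app/db-credentials")
CACHE_TTL_SECONDS = 300  # assumed refresh interval, so rotation is picked up

_cache = {}  # secret_id -> (expiry_epoch, (username, password))


def _default_client():
    import boto3  # imported lazily so the module loads without the AWS SDK
    return boto3.client("secretsmanager")


def get_credentials(secret_id=SECRET_ID, client=None, now=time.time):
    """Return (username, password), calling Secrets Manager on a cache miss."""
    cached = _cache.get(secret_id)
    if cached and cached[0] > now():
        return cached[1]  # warm invocation: no API call
    client = client or _default_client()
    resp = client.get_secret_value(SecretId=secret_id)
    if "SecretString" not in resp:
        # Binary secrets come back under SecretBinary instead.
        raise ValueError("secret is binary; expected a JSON SecretString")
    data = json.loads(resp["SecretString"])
    creds = (data["username"], data["password"])
    _cache[secret_id] = (now() + CACHE_TTL_SECONDS, creds)
    return creds


def handler(event, context, client=None):
    username, password = get_credentials(client=client)
    # Use the credentials here; never log or return the password.
    return {"authenticated_as": username}
```

The function's execution role needs `secretsmanager:GetSecretValue` on that one secret only.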