how to create AWS Secrets Manager of “Credentials for RDS Database” type. i did not find attribute to configure secret manager type.
Similar type of query already posted by user in forum and there is no reply from anyone.
I think “Credentials for RDS Database” is really just a JSON string with a specific schema depending on the DB engine. Here’s what I found in the AWS docs.
I created a DB Secret in Secretsmanager and here’s the text that I got back.
{
"username":"<username>",
"password":"<password>",
"engine":"postgres",
"host":"<instance host name/resolvable DNS name>",
"port":<TCP port number>,
"dbname":"<database name>",
"dbInstanceIdentifier":"<db instance name>"
}
Yes that is the structure the AWS database rotation lambdas use to rotate database credentials. When we create RDS databases in Terraform we create a secret with this structure (with a random password value) and tell it to ignore changes to the secret string as the password will be changed outside of Terraform after initial creation.