Created
December 5, 2022 19:55
-
-
Save sumanmaity112/74ed9be7762e8fef662d5993a613cdac to your computer and use it in GitHub Desktop.
Rotate RDS password with auto generated password and store password in AWS secrets manager
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # aws-cli/2.9.1 | |
| _generate_random_password(){ | |
| local length="${1:-64}" | |
| # You can fine tune the excluded characters | |
| aws secretsmanager get-random-password --password-length "${length}" --no-include-space --exclude-characters "{#\@\"\`'^&(/)%:;<>,_?}!$" --require-each-included-type --output text | |
| } | |
| _update_credential_in_secretsmanager() { | |
| local secret_id=${1} | |
| local password=${2} | |
| aws secretsmanager put-secret-value --secret-id "${secret_id}" --secret-string "${password}" 1> /dev/null | |
| } | |
| _rotate_rds_master_password() { | |
| local cluster_id="${1}" | |
| local secret_id=${2} | |
| local length=${3:-} | |
| local new_password | |
| new_password=$(_generate_random_password "${length}") | |
| _update_credential_in_secretsmanager "${secret_id}" "${new_password}" | |
| aws rds modify-db-cluster --db-cluster-identifier "${cluster_id}" --master-user-password "${new_password}" --apply-immediately 1> /dev/null | |
| } | |
| _rotate_rds_master_password "$@" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment