Contains sample code that can be used for rotation of secrets stored in AWS Secrets Manager for "other" services, meaning services beyond the stereotypical database with a simple username+password combination.
- Name: SecretsManagerCloudFront
- Supported service: CloudFront. This Lambda function adds a header to requests from CloudFront to the backend origin service.
- Rotation strategy: the secret contains a JSON string of 3 active key values. The Lambda function pops the oldest key, pushes a new key, then updates a CloudFront distribution to match.
- Expected SecretString structure:

  ```json
  {
    "key1": "<required:string>",
    "key2": "<required:string>",
    "key3": "<required:string>"
  }
  ```

- Source code: SecretsManagerCloudFront/
- Name: SecretsManagerAlb
- Supported service: Application Load Balancer. This Lambda function updates the ALB listener rules to look for a static API key header. Unless the header is found, the request is answered with an HTTP 403 Access Denied response.
- Rotation strategy: the secret contains a JSON string of 3 active key values. The Lambda function pops the oldest key, pushes a new key, then updates the ALB listener rules to match.
- Expected SecretString structure:

  ```json
  {
    "key1": "<required:string>",
    "key2": "<required:string>",
    "key3": "<required:string>"
  }
  ```

- Source code: SecretsManagerAlb/
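The pop-oldest/push-new step shared by both rotation strategies above, as an added example that is not the repository's own Lambda code. It runs offline with no AWS calls; it assumes key1 is the oldest slot and key3 the newest (the README does not say which), and the header name `x-origin-verify` is a placeholder.

```python
"""Added example: 3-key rotation over the SecretString layout described above."""
import hmac
import json
import secrets
from typing import Optional

KEY_SLOTS = ("key1", "key2", "key3")  # fixed structure from the README


def rotate_secret_string(secret_string: str, new_key: Optional[str] = None) -> str:
    """Pop the oldest key and push a fresh one, returning the new SecretString.

    Assumption: key1 is oldest, key3 newest, so key2->key1, key3->key2, new->key3.
    Every slot must already hold a non-empty string; otherwise rotation is refused.
    """
    current = json.loads(secret_string)
    missing = [k for k in KEY_SLOTS if not isinstance(current.get(k), str) or not current[k]]
    if missing:
        raise ValueError(f"SecretString missing required string fields: {missing}")
    fresh = new_key if new_key is not None else secrets.token_urlsafe(32)
    rotated = {"key1": current["key2"], "key2": current["key3"], "key3": fresh}
    return json.dumps(rotated)


def alb_header_condition(secret_string: str, header_name: str = "x-origin-verify") -> dict:
    """Build the ELBv2 listener-rule condition that accepts any of the 3 active keys.

    Keeping all three keys in the rule lets the CloudFront header move to the
    newest key without a window in which valid requests get the 403.
    """
    keys = json.loads(secret_string)
    return {
        "Field": "http-header",
        "HttpHeaderConfig": {
            "HttpHeaderName": header_name,  # placeholder header name
            "Values": [keys[k] for k in KEY_SLOTS],
        },
    }


def origin_accepts(presented: str, secret_string: str) -> bool:
    """Origin-side check: constant-time compare against every active key."""
    keys = json.loads(secret_string)
    return any(hmac.compare_digest(presented, keys[k]) for k in KEY_SLOTS)
```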
See CONTRIBUTING for more information.
This sample code is made available under the MIT-0 License. See the LICENSE file.