AWS | cloud | ~30 mins

Secrets Manager for credentials in AWS - Mini Project: Build & Apply

Secrets Manager for credentials
📖 Scenario: You are building a secure cloud application that needs to store database credentials safely. Instead of hardcoding passwords, you will use AWS Secrets Manager to store and retrieve these credentials securely.
🎯 Goal: Create an AWS Secrets Manager secret with database credentials, configure a variable to hold the secret name, retrieve the secret value using AWS CLI commands, and finally configure an IAM policy to allow access to the secret.
📋 What You'll Learn
Create a secret in AWS Secrets Manager with exact credentials
Define a variable holding the secret name
Use AWS CLI command to retrieve the secret value
Add an IAM policy statement allowing read access to the secret
💡 Why This Matters
🌍 Real World
Storing and managing sensitive credentials securely is critical in cloud applications to prevent leaks and unauthorized access.
💼 Career
Understanding AWS Secrets Manager and IAM policies is essential for cloud engineers and developers working on secure cloud infrastructure.
1. Create the secret with database credentials
Use the AWS CLI command to create a secret named MyDatabaseSecret with the exact JSON string containing username as dbadmin and password as SuperSecret123!.

Hint: Use the aws secretsmanager create-secret command with the --name and --secret-string options.

2. Define a variable for the secret name
Create a shell variable called SECRET_NAME and assign it the value MyDatabaseSecret.

Hint: Use SECRET_NAME=MyDatabaseSecret to assign the variable.

3. Retrieve the secret value using AWS CLI
Write an AWS CLI command that uses the variable SECRET_NAME to get the secret value as plain text using aws secretsmanager get-secret-value with the --query SecretString and --output text options.

Hint: Use --secret-id $SECRET_NAME to specify the secret and --query SecretString --output text to get the secret value as plain text.

4. Add IAM policy statement for secret access
Write a JSON IAM policy statement that allows secretsmanager:GetSecretValue action on the resource ARN arn:aws:secretsmanager:us-east-1:123456789012:secret:MyDatabaseSecret-*.

Hint: Use the IAM policy JSON format with Effect, Action, and Resource keys.
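
The four steps above combined into one script, added here as a worked example (it is not the course's own solution). The function names, the output file name and the run argument are assumptions; the secret name, credentials and ARN are the exercise's values.

```shell
#!/usr/bin/env bash
# Added example: steps 1-4 of the exercise as reusable shell functions.

SECRET_NAME=MyDatabaseSecret    # step 2: variable holding the secret name
SECRET_ARN='arn:aws:secretsmanager:us-east-1:123456789012:secret:MyDatabaseSecret-*'

# Step 1: create the secret. The JSON is passed inline because the exercise
# asks for it; outside a lab, inline values end up in shell history.
create_secret() {
  aws secretsmanager create-secret \
    --name "$SECRET_NAME" \
    --secret-string '{"username":"dbadmin","password":"SuperSecret123!"}'
}

# Step 3: print only the SecretString field, as plain text.
get_secret() {
  aws secretsmanager get-secret-value \
    --secret-id "$SECRET_NAME" \
    --query SecretString --output text
}

# Step 4: policy allowing a single read action on a single secret.
# The trailing -* matches the random suffix Secrets Manager appends to the ARN.
read_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "secretsmanager:GetSecretValue",
      "Resource": "$SECRET_ARN"
    }
  ]
}
EOF
}

# Only contact AWS when explicitly asked to (hypothetical "run" argument).
if [ "${1:-}" = "run" ]; then
  create_secret
  get_secret
  read_policy > read-secret-policy.json   # assumed output file name
fi
```

Quoting "$SECRET_NAME" keeps the command intact if the name ever contains spaces or shell metacharacters, and the policy grants nothing beyond GetSecretValue on this one secret.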