
Secrets Manager

Stores secrets (passwords, API keys) and can rotate them every X days using Lambda.

Works with databases (RDS, DynamoDB), CloudFormation and more.

Access to secrets, including cross-account access, can be controlled with a resource-based policy.

(Compared with Parameter Store: more expensive, supports automatic rotation, and must use KMS.)

To share secrets across accounts, use a resource-based policy to allow encryption and decryption.

Dynamic references: specify external values that are stored and managed in other services, such as the Parameter Store, in your stack templates. When you use a dynamic reference, CloudFormation retrieves the value of the specified reference when necessary during stack and change set operations.
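
The cross-account sharing and the dynamic references described above, combined in one CloudFormation template. This is an added example, not part of the original notes; the consumer account ID `222222222222`, the logical names and the database settings are placeholders, and the consumer is assumed to need read access only, so it is granted `kms:Decrypt` but no encrypt permissions.

```yaml
# Added example: account ID 222222222222 and all logical names are placeholders.
Resources:
  SecretKey:                      # customer managed key that encrypts the secret
    Type: AWS::KMS::Key
    Properties:
      KeyPolicy:
        Version: "2012-10-17"
        Statement:
          - Sid: OwnerAccountAdministers
            Effect: Allow
            Principal:
              AWS: !Sub "arn:aws:iam::${AWS::AccountId}:root"
            Action: "kms:*"
            Resource: "*"
          - Sid: ConsumerDecryptsOnlyThroughSecretsManager
            Effect: Allow
            Principal: {AWS: "arn:aws:iam::222222222222:root"}
            Action: ["kms:Decrypt", "kms:DescribeKey"]
            Resource: "*"
            Condition:            # key is usable only via Secrets Manager calls
              StringEquals:
                "kms:ViaService": !Sub "secretsmanager.${AWS::Region}.amazonaws.com"
  DbSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      KmsKeyId: !GetAtt SecretKey.Arn
      GenerateSecretString:       # password is generated, never typed into the template
        SecretStringTemplate: '{"username": "appuser"}'
        GenerateStringKey: password
        ExcludeCharacters: '"@/\'
  DbSecretPolicy:                 # resource-based policy attached to the secret
    Type: AWS::SecretsManager::ResourcePolicy
    Properties:
      SecretId: !Ref DbSecret
      BlockPublicPolicy: true     # reject a policy that would allow broad access
      ResourcePolicy:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: {AWS: "arn:aws:iam::222222222222:root"}
            Action: "secretsmanager:GetSecretValue"
            Resource: "*"
  Database:                       # dynamic references are resolved at stack operation time
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: mysql
      DBInstanceClass: db.t3.micro
      AllocatedStorage: "20"
      MasterUsername: !Sub "{{resolve:secretsmanager:${DbSecret}:SecretString:username}}"
      MasterUserPassword: !Sub "{{resolve:secretsmanager:${DbSecret}:SecretString:password}}"
```

The role in the consumer account still needs its own identity policy allowing `secretsmanager:GetSecretValue` on the secret ARN and `kms:Decrypt` on the key ARN. A secret encrypted with the AWS managed key `aws/secretsmanager` cannot be read from another account, which is why the template creates a customer managed key.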