How to move secrets from Amazon DynamoDB to AWS Secrets Manager
Question
I am new to AWS and I have some secrets (ClientID and ClientSecrets) stored in DynamoDB which I need to move to AWS Secrets Manager. What is the best way to do this? Automation is a preferred way.
Answer 1
Score: 2
You can write custom logic using the AWS SDK. You need to create 2 Service clients in the supported SDK you want to use. For example, you can implement this in Python, .NET, Java, and so on.
- DynamoDB Service Client.
- Secrets Manager Service Client.
Now query the secrets you want to retrieve from DynamoDB by invoking the DynamoDB Service Client's query(). As you are using Python, you can use: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb.html.
Once you get your result set, use the data to create secrets by invoking the Secrets Manager Service Client's createSecret(). You can use: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/secretsmanager.html
To automate this, wrap this logic in an AWS Lambda function and then schedule it using a cron expression or Amazon EventBridge. For details, see:
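The migration described in this answer, as an added example that is not part of the original answer. It uses boto3's `scan()` rather than `query()` so the whole table is read, and the table name, secret-name prefix and the attribute names `ClientID` / `ClientSecret` are assumptions about the schema.

```python
import json

TABLE = "client-credentials"      # assumed table name
PREFIX = "migrated/clients/"      # assumed secret-name prefix


def scan_items(dynamodb, table):
    """Yield every item in the table, following LastEvaluatedKey pagination."""
    kwargs = {"TableName": table}
    while True:
        page = dynamodb.scan(**kwargs)
        yield from page.get("Items", [])
        if "LastEvaluatedKey" not in page:
            return
        kwargs["ExclusiveStartKey"] = page["LastEvaluatedKey"]


def migrate(dynamodb, secrets, table=TABLE, prefix=PREFIX):
    """Copy each item into Secrets Manager; return (created, skipped) names.

    Only secret names are returned, never secret values, so the result
    is safe to log.
    """
    created, skipped = [], []
    for item in scan_items(dynamodb, table):
        client_id = item["ClientID"]["S"]            # assumed attribute names
        payload = json.dumps({"ClientID": client_id,
                              "ClientSecret": item["ClientSecret"]["S"]})
        name = prefix + client_id
        try:
            secrets.create_secret(Name=name, SecretString=payload)
            created.append(name)
        except secrets.exceptions.ResourceExistsException:
            skipped.append(name)   # already migrated, so re-runs are safe
    return created, skipped


def lambda_handler(event, context):
    import boto3  # imported here so the functions above can be tested offline
    created, skipped = migrate(boto3.client("dynamodb"),
                               boto3.client("secretsmanager"))
    return {"created": len(created), "skipped": len(skipped)}
```

The Lambda execution role needs only `dynamodb:Scan` on the source table and `secretsmanager:CreateSecret`. Once the migrated secrets are verified, the plaintext attributes still sitting in DynamoDB have to be removed separately.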