Monday, December 6, 2021

Creating an Aurora Database Instance with AWS CDK (Python) and Secrets Manager


Introduction:

In this blog post, we will walk through the process of creating an Amazon Aurora database instance using AWS Cloud Development Kit (CDK) with Python. Additionally, we'll enhance the security of our application by utilizing AWS Secrets Manager to manage and retrieve our database credentials.


Prerequisites:

Before we begin, make sure you have the following prerequisites:


1. AWS CDK installed: [CDK Installation Guide](https://docs.aws.amazon.com/cdk/latest/guide/getting_started.html)

2. Python installed: [Python Installation Guide](https://www.python.org/downloads/)


Step 1: Set Up Your CDK Project

Create a new directory for your CDK project and navigate to it in your terminal.


```bash
mkdir aurora-cdk
cd aurora-cdk
```



Initialize your CDK project.


```bash
cdk init app --language python
```



Step 2: Install Required CDK Libraries

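Install the necessary CDK libraries for Amazon Aurora and Secrets Manager, plus the EC2 module that provides the VPC constructs the database needs. These are the CDK v1 per-service packages, which match the `core` import used in this post.

```bash
pip install aws-cdk.aws-rds aws-cdk.aws-secretsmanager aws-cdk.aws-ec2
```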



Step 3: Import Dependencies in Your CDK App

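Open the `app.py` file in your favorite code editor and import the required CDK modules. The EC2 module supplies the VPC and instance type used by the database.

```python
from aws_cdk import (
    core,
    aws_ec2 as ec2,
    aws_rds as rds,
    aws_secretsmanager as secretsmanager,
)
```

Step 4: Define the CDK Stack

Define your CDK stack by creating a class that inherits from `core.Stack`. Inside the class, define the Secrets Manager secret and the Aurora database. Aurora is provisioned as a cluster, so the stack uses `rds.DatabaseCluster` with a single instance, and the credentials are passed with `rds.Credentials.from_secret` so that the username and password are resolved from the secret at deploy time. Instantiate the stack at the end of `app.py` so that `cdk deploy` has something to synthesize.

```python
class AuroraCdkStack(core.Stack):

    def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
        super().__init__(scope, id, **kwargs)

        # Create a Secrets Manager secret for database credentials.
        # "admin" is a reserved word for the PostgreSQL engines, so use another name.
        secret = secretsmanager.Secret(
            self,
            "AuroraSecret",
            secret_name="AuroraCredentials",
            generate_secret_string=secretsmanager.SecretStringGenerator(
                secret_string_template='{"username": "dbadmin"}',
                generate_string_key="password",
                exclude_characters='"@/',
            ),
        )

        # VPC with private subnets for the database
        vpc = ec2.Vpc(self, "AuroraVpc", max_azs=2)

        # Create an Aurora PostgreSQL cluster with one instance
        aurora_db = rds.DatabaseCluster(
            self,
            "AuroraDB",
            engine=rds.DatabaseClusterEngine.aurora_postgres(
                version=rds.AuroraPostgresEngineVersion.VER_12_4
            ),
            # Username and password are read from the secret at deploy time
            credentials=rds.Credentials.from_secret(secret),
            instances=1,
            instance_props=rds.InstanceProps(
                vpc=vpc,
                # Aurora PostgreSQL burstable classes start at db.t3.medium
                instance_type=ec2.InstanceType.of(
                    ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.MEDIUM
                ),
                vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PRIVATE),
            ),
            removal_policy=core.RemovalPolicy.DESTROY,  # WARNING: Do not use in production
        )


app = core.App()
AuroraCdkStack(app, "AuroraCdkStack")
app.synth()
```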


Step 5: Deploy Your CDK Stack

Deploy your CDK stack to create the Aurora database instance.



```bash
cdk deploy
```


### Conclusion:

Congratulations! You have successfully created an Amazon Aurora database instance using AWS CDK with Python. By integrating AWS Secrets Manager, you've enhanced the security of your application by securely managing and retrieving your database credentials.


Remember to manage your secrets and credentials responsibly, and never expose sensitive information in your code or configuration files.
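
One way to check this before deploying, as an added example that is not part of the original post: the script below audits a synthesized CloudFormation template (the JSON that `cdk synth` produces) for an RDS master password that is not a Secrets Manager dynamic reference, and for the `Delete` deletion policy that `RemovalPolicy.DESTROY` produces. The function names and the sample template, including its logical IDs, are constructed for illustration.

```python
RDS_TYPES = {"AWS::RDS::DBCluster", "AWS::RDS::DBInstance"}
DYNAMIC_REF = "{{resolve:secretsmanager:"


def _strings(value):
    """Yield every string literal nested inside a CloudFormation value."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for item in value.values():
            yield from _strings(item)
    elif isinstance(value, list):
        for item in value:
            yield from _strings(item)


def audit_template(template):
    """Return (logical_id, finding) pairs for the RDS resources in a template."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") not in RDS_TYPES:
            continue
        password = res.get("Properties", {}).get("MasterUserPassword")
        if password is not None and not any(DYNAMIC_REF in s for s in _strings(password)):
            findings.append((logical_id, "MasterUserPassword is not a Secrets Manager dynamic reference"))
        if res.get("DeletionPolicy") == "Delete":
            findings.append((logical_id, "DeletionPolicy is Delete (RemovalPolicy.DESTROY)"))
    return findings


# Constructed sample shaped like `cdk synth` output; logical IDs and values are made up.
SAMPLE = {"Resources": {
    "AuroraSecret": {"Type": "AWS::SecretsManager::Secret"},
    "AuroraDB": {
        "Type": "AWS::RDS::DBCluster",
        "DeletionPolicy": "Delete",
        "Properties": {"MasterUserPassword": {"Fn::Join": ["", [
            "{{resolve:secretsmanager:", {"Ref": "AuroraSecret"},
            ":SecretString:password::}}"]]}},
    },
    "LegacyDb": {
        "Type": "AWS::RDS::DBInstance",
        "DeletionPolicy": "Snapshot",
        "Properties": {"MasterUserPassword": "example-literal-password"},
    },
}}

if __name__ == "__main__":
    for logical_id, finding in audit_template(SAMPLE):
        print(f"{logical_id}: {finding}")
```

To check a real stack, load the template that `cdk synth` writes under `cdk.out/` with `json.load` and pass the result to `audit_template`.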
