DEV Community

Cover image for Two ways to manage secrets for AWS Redshift Serverless with AWS Secrets Manager !!

Two ways to manage secrets for AWS Redshift Serverless with AWS Secrets Manager !!

While I was working with AWS RDS Databases as part of my Devops journey, I used RDS databases and storing secrets for those DBs was efficient & easier with AWS Secrets Manager.

How do You & I feel, when the same feature has been introduced for the newly famous AWS Redshift Serverless Datawarehouse? Well, in my opinion, if we are using a service inside AWS, you have a feature from another service to compliment the former, then go with that, if it suits your requirement & budget

2 Ways to manage secrets for Amazon Redshift Serverless

Well, below 2 ways can be used to handle connect to an Amazon Redshift Serverless Database

1) We can use IAM User credentials to connect Or
2) Use secrets in AWS Secrets Manager to hold database credentials

If latter, then Secrets are created in 2 different ways as below.

From Redshift Serverless

A secret is auto generated when the Amazon Redshift Serverless default namespace is created

From Secrets Manager

A secret can be created inside AWS Secrets Manager, with secret type "Credentials for Amazon Redshift data warehouse" and most importantly, a tag key starting with 'Redshift'. Most importantly map the namespace with which this secret has to be associated with

To demonstrate, here, I have created a free trial version of "Amazon Redshift Serverless" to integrate with "AWS Secrets Manager" to create & store username and password for connecting with Amazon Redshift Serverless !!

Step 1

Firstly, Redshift Serverless workspace has to be created with a workgroup. The below screenshot is an "In Progress" status of the same

Image description

Step 2

Now, check for the "Status" of the created workspace in "Serverless Dashboard" in the console. Status, as you are aware, should in "Available" state

Image description

Step 3

Moving to AWS Secret Manager, Secret creation, set the required username, password for Amazon Redshift Serverless as below. Also, note that, selection of "Workspace" can be made with the list of Redshift Serverless workspaces at the bottom

Image description

Step 4

Complete the creation of secret by either enabling "Auto Rotation", if necessary. Thus, secret creation is done

Image description

Below examples have name changes for secrets or workspaces

View secrets in AWS Secrets Manager

Image description

View the associations in Amazon Redshift Serverless

Image description

Connect to the Redshift Query Editor

Databases in the workgroup or namespace can be connected using secrets created earlier(as below)
Image description

Bonus

On launching/using Amazon Redshift Serverless, AWS is providing $300 USD credit for 3 month trial period, to explore the feature !! I got one too :-)

Image description

I am eager to know about fellow community builders' idea or exposure of using these services together. Do let me know in the comments !!

Top comments (0)