search

aws-samples / aws-secrets-manager-rotation-lambdas

Contains Lambda functions to be used for automatic rotation of secrets stored in AWS Secrets Manager
MIT No Attribution
330 stars 282 forks source link

Allow PostgreSQL single user rotation on databases with restricted password management #50

Open tyron opened 3 years ago

tyron commented 3 years ago

Issue #, if available: n/a

Description of changes: When a RDS PostgreSQL instance is configured with restricted password management, only users member of rds_password role are allowed to change passwords. Setting this permission to any role grants permission to manage passwords in all roles, which might not be desirable. With the changes added on this feature, the masterarn field that is already used by the Multi User Rotation function can also be used in the Single User Rotation function. If this field is exists in the secret, then the Master user is used for setting the new password in the database. Otherwise, the user tries to change its own password.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

goyalya commented 2 years ago

Thank you for opening this request, We have noted this as a feature enhancement request.