Create a secret in AWS Secrets Manager

Store your Amazon DocumentDB cluster’s credentials in AWS Secrets Manager

(1) Go to the AWS Secrets Manager console, select Store a new secret AWS SM 1

Note: You must have the AWSSecretsManagerReadWriteAccess managed policy permissions because this policy grants permissions to store secrets in Secrets Manager. Refer to the AWS Secrets Manager Documentation for more information about the minimum IAM permissions required to store a secret.

(2) Select Credentials for Amazon DocumentDB database. Then enter your User name labUser, and the password for your Amazon DocumentDB cluster. Leave Encryption Key set to DefaultEncryptionKey. Then select your Amazon DocumentDB cluster that stars with getting-started-with-documentdb. Choose Next. AWS SM 2

(3) Specify values for Secret Name and Description. Secret names can be hierarchical for organizational purposes. Enter Apps/DocumentDB/getting-started-with-documentdb-cluster, then enter a description and select Next. AWS SM 3

(4) Select Next on the following screen, taking the default to Disable automatic key rotation. You will enable automatic key rotation in the next lab. AWS SM 3

(5) On the Review page, scroll down and select the Python3 tab and view the code. Note the get_secret() function which calls your secret_name. You will see this code again in the Python client application used in the next section of this lab. Select Store to store your secret. AWS SM 3

You have successfully stored your Amazon DocumentDB cluster’s credentials in AWS Secrets Manager secret. In the next, section, you will access your cluster from a Python client using this secret.