(1) Go to the AWS Secrets Manager console and select Store a new secret.
Note: You must have the AWSSecretsManagerReadWriteAccess managed policy permissions because this policy grants permissions to store secrets in Secrets Manager. Refer to the AWS Secrets Manager Documentation for more information about the minimum IAM permissions required to store a secret.
(2) Select Credentials for Amazon DocumentDB database. Then enter the User name labuser and the password Tim3t0change for your Amazon DocumentDB cluster. Leave Encryption Key set to DefaultEncryptionKey. Then select your Amazon DocumentDB cluster, whose name starts with getting-started-with-documentdb. Choose Next.
(3) Specify values for Secret Name and Description. Secret names can be hierarchical for organizational purposes. Enter Apps/DocumentDB/getting-started-with-documentdb-cluster as the secret name, then enter a description and select Next.
(4) Select Next on the following screen, taking the default to Disable automatic key rotation. You will enable automatic key rotation in the next lab.
(5) On the Review page, scroll down, select the Python3 tab, and view the code. Note the get_secret() function, which references your secret_name. You will see this code again in the Python client application used in the next section of this lab. Select Store to store your secret.
You have successfully stored your Amazon DocumentDB cluster’s credentials as an AWS Secrets Manager secret. In the next section, you will access your cluster from a Python client using this secret.
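
The following is an added example, not the console's generated code or the lab's client application. It shows how a client can fetch the secret stored above by name and turn it into a connection URI without hard-coding or logging the password. The JSON field names (username, password, host, port), the StubClient class, the build_uri() helper, and the sample host and password are assumptions constructed for illustration.

```python
import json
from urllib.parse import quote_plus

# Secret name entered in step 3 of this lab.
SECRET_NAME = "Apps/DocumentDB/getting-started-with-documentdb-cluster"


def get_secret(secret_name, client=None, region_name=None):
    """Fetch the secret and return its JSON fields as a dict."""
    if client is None:
        import boto3  # imported lazily so the parsing logic runs without AWS access
        client = boto3.session.Session().client("secretsmanager", region_name=region_name)
    response = client.get_secret_value(SecretId=secret_name)
    if "SecretString" not in response:
        raise ValueError("secret is binary; expected a JSON SecretString")
    return json.loads(response["SecretString"])


def build_uri(secret, redact=False):
    """Build a connection URI; redact=True gives a form that is safe to log."""
    missing = [k for k in ("username", "password", "host") if not secret.get(k)]
    if missing:
        raise KeyError(f"secret is missing fields: {missing}")
    user = quote_plus(secret["username"])
    # Percent-encode so ':', '@' and '/' in a password cannot break the URI.
    password = "***" if redact else quote_plus(secret["password"])
    port = int(secret.get("port", 27017))
    return f"mongodb://{user}:{password}@{secret['host']}:{port}/?tls=true&retryWrites=false"


class StubClient:
    """Constructed stand-in for the Secrets Manager client (offline demo)."""
    def get_secret_value(self, SecretId):
        assert SecretId == SECRET_NAME
        # Constructed sample; field names are assumed, not taken from the lab.
        return {"SecretString": json.dumps({
            "username": "labuser", "password": "p@ss:w/rd",
            "host": "docdb.example.internal", "port": 27017})}


if __name__ == "__main__":
    secret = get_secret(SECRET_NAME, client=StubClient())
    print(build_uri(secret, redact=True))  # log only the redacted form
```

Calling get_secret(SECRET_NAME) without a client argument uses boto3 and the caller's AWS credentials, which need permission to read this secret.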