Automate creator username tags for AWS Secrets Manager secrets

AWS Secrets Manager → Amazon EventBridge → AWS Lambda

Automate tagging of AWS Secrets Manager secrets with the creator's username

This sample project demonstrates the automatic tagging of username to the secrets they created when user is authenticated via AWS IAM Identity Center. This enables easier ownership tracking and management of secrets across the organization.

Eventbridge rule is configured to look for CreateSecret events to invoke a Lambda function to tag the secret with the creator's username.

< Back to all patterns

Language:: Python
Framework:: AWS CDK

Download this pattern (.zip)

View this pattern on GitHub

Clone repo

git clone https://github.com/aws-samples/serverless-patterns/cd serverless-patterns/automate-secrets-manager-tags

Deploy

cdk deploy

Testing

See the GitHub repo for detailed testing instructions.

Cleanup

Delete the stack: cdk destroy.

Additional resources

Match AWS Secrets Manager events with Amazon EventBridge

Created by:

Chan Shi Hui

Shi Hui is a Technical Account Manager working at AWS Singapore to build, run, and scale customer workloads on AWS.

Follow on LinkedIn