Secret rotation using Amazon EventBridge Scheduler and AWS Lambda

Amazon EventBridge Scheduler → AWS Lambda → AWS Secrets Manager

Secret rotation in AWS Secrets Manager using Amazon EventBridge Scheduler and AWS Lambda

This sample project demonstrates rotating secrets in AWS Secrets Manager at a desired interval using Amazon EventBridge Scheduler and AWS Lambda. This covers several use cases, e.g. rotating OAuth tokens with a limited lifespan.
An EventBridge schedule is created from the 'Secret rotation schedule' CDK parameter, with the rotation Lambda function as its target; the function performs the rotation.
You can provide the interval at which the secret is rotated as a cron or rate expression.
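
A sketch of what the scheduled rotation function can look like, added here as an illustration and not taken from the sample repository. The SECRET_ID environment variable, the fetch_new_token stand-in and the in-memory FakeSecretsManager are assumptions made so the example runs offline; put_secret_value and get_secret_value are the real Secrets Manager calls.

```python
import json
import os
import secrets


def fetch_new_token():
    # Assumption: stand-in for the call to your OAuth provider's token endpoint.
    return {"access_token": secrets.token_urlsafe(32)}


def rotate(client, secret_id, new_value):
    """Write new_value as the AWSCURRENT version and confirm it took effect."""
    resp = client.put_secret_value(SecretId=secret_id,
                                   SecretString=json.dumps(new_value))
    # Without a VersionStage argument, get_secret_value returns AWSCURRENT.
    current = client.get_secret_value(SecretId=secret_id)
    if current["VersionId"] != resp["VersionId"]:
        raise RuntimeError("new version is not AWSCURRENT")
    # Return metadata only: the secret value must not reach logs or the result.
    return {"secret_id": secret_id, "version_id": resp["VersionId"]}


def handler(event, context, client=None):
    # Assumption: the stack passes the secret's name or ARN in SECRET_ID.
    if client is None:
        import boto3  # provided by the Lambda Python runtime
        client = boto3.client("secretsmanager")
    return rotate(client, os.environ["SECRET_ID"], fetch_new_token())


class FakeSecretsManager:
    """Constructed in-memory stand-in so the example runs without AWS access."""

    def __init__(self):
        self.versions = []  # (version_id, secret_string); the last is AWSCURRENT

    def put_secret_value(self, SecretId, SecretString):
        version_id = f"v{len(self.versions) + 1}"
        self.versions.append((version_id, SecretString))
        return {"VersionId": version_id}

    def get_secret_value(self, SecretId):
        version_id, value = self.versions[-1]
        return {"VersionId": version_id, "SecretString": value}


if __name__ == "__main__":
    os.environ.setdefault("SECRET_ID", "example/oauth-token")  # constructed name
    fake = FakeSecretsManager()
    print(handler({}, None, client=fake))  # first scheduled run
    print(handler({}, None, client=fake))  # next scheduled run
```

The function's execution role needs only secretsmanager:PutSecretValue and secretsmanager:GetSecretValue on the one secret it rotates.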


Clone repo

git clone https://github.com/aws-samples/serverless-patterns/
cd serverless-patterns/eventbridge-schedule-secret-rotation-cdk

Deploy

cdk deploy


Testing

See the GitHub repo for detailed testing instructions.

Cleanup

Delete the stack: cdk destroy.

Created by:

Senthil Mohan

Senthil is a Solutions Architect at AWS working with ISVs in the UK to migrate, modernize and build their software products on AWS.

Shubhankar Sumar

Shubhankar is a Sr. Solutions Architect at AWS working with ISVs in the UK to build, run, and scale their software products on AWS.
