Automate all the things - Updating container secrets using CloudWatch Events + Lambda

In this episode, we cover the following topics:

• Developing a system for automatically updating containers when secrets are updated is a two-part solution. First, we need to be notified when secrets are updated. Then, we need to trigger an action to update the ECS service.
• CloudWatch Events can be used to receive notifications when secrets are updated. We explain CloudWatch Events and its primary components: events, rules and targets.
• Event patterns are used to filter for the specific events that the rule cares about. We discuss how to write event patterns and the rules of matching events.
• The event data structure will be different for each type of emitter. We detail a handy tip for determining the event structure of an emitter.
• We discuss EventBridge and how it relates to CloudWatch Events.
• We explain how to create CloudWatch Event rules for capturing update events emitted by both Systems Manager Parameter Store and AWS Secrets Manager.
• AWS Lambda can be leveraged as a trigger of CloudWatch Events. We explain how to develop a Lambda function that invokes the ECS API to recycle all containers.
• We finish up by showing how this works for a common use case: using the automatic credential rotation feature of AWS Secrets Manager with a containerized app running on ECS that connects to a RDS database.

Detailed Show Notes

Want the complete episode outline with detailed notes? Sign up here: https://mobycast.fm/show-notes/

Support Mobycast

https://glow.fm/mobycast

End Song

Night Sea Journey by Derek Russo

More Info

For a full transcription of this episode, please visit the episode webpage.

We'd love to hear from you! You can reach us at:

• Web: https://mobycast.fm
• Voicemail: 844-818-0993
• Email: [email protected]
• Twitter: https://twitter.com/hashtag/mobycast
• Reddit: https://reddit.com/r/mobycast