
November 19, 2022

Top 20 AWS EC2 Auto Scaling Interview Questions and Answers

 

 

Amazon EC2 Auto Scaling is a fully managed service designed to launch or terminate Amazon EC2 instances automatically, helping you make sure you have the appropriate number of Amazon EC2 instances available to handle the load for your application. Amazon EC2 Auto Scaling helps you maintain application availability through fleet management for EC2 instances, which detects and replaces unhealthy instances, and by automatically scaling your Amazon EC2 capacity up or down in accordance with conditions you define. To preserve performance and lower costs, you can use Amazon EC2 Auto Scaling to automatically increase the number of Amazon EC2 instances during surges in demand.

 


 

Ques. 1): What is target tracking?

Answer:

Target tracking is a new type of scaling policy that lets you quickly configure dynamic scaling for your application. With target tracking, you choose a load metric for your application, such as request count or CPU usage, and define a target value; Amazon EC2 Auto Scaling then adjusts the number of EC2 instances in your ASG as necessary to meet that target. It works like a thermostat for your house, automatically adjusting the system to maintain the desired temperature. For instance, you can configure target tracking to keep the CPU usage of your fleet of web servers at 50%. Amazon EC2 Auto Scaling then launches or terminates EC2 instances as necessary to maintain an average CPU usage of 50%.

 


 

Ques. 2): How does capacity balance work in Amazon EC2 Auto Scaling?

Answer:

A best practice for well-architected applications is to balance resources across Availability Zones, since this considerably improves aggregate system availability. When you specify several zones in your EC2 Auto Scaling group settings, Amazon EC2 Auto Scaling automatically distributes EC2 instances across the configured zones. Amazon EC2 Auto Scaling always launches new instances so that the fleet as a whole is balanced between zones as evenly as possible. Additionally, Amazon EC2 Auto Scaling only launches instances in Availability Zones that have capacity for the requested instance type.

 


 

Ques. 3): What is meant by the phrase "stateful instances"?

Answer:

The term "stateful instance" refers to an instance that holds data that exists only on that instance. A stateful instance's data (or state information) is often lost when the instance is terminated. You might want to enable instance protection to stop Amazon EC2 Auto Scaling from terminating a stateful instance, or use lifecycle hooks to copy the data off the instance before it is terminated.



 

Ques. 4): When should I choose AWS Auto Scaling over Amazon EC2 Auto Scaling?

Answer:

To handle scaling for numerous resources across different services, you should utilise AWS Auto Scaling. Using specified scaling methods, AWS Auto Scaling enables you to define dynamic scaling policies for several EC2 Auto Scaling groups or other resources. It takes less time to manage scaling policies for all of the scalable resources in your application using AWS Auto Scaling than it does using individual service consoles for each resource. Additionally, it is simpler since AWS Auto Scaling comes with predefined scaling methods that make it simpler to set up scaling policies.

If you only need to scale Amazon EC2 Auto Scaling groups, or if you only care about maintaining the health of your EC2 fleet, you should use EC2 Auto Scaling. You should also use EC2 Auto Scaling if you need to set up scheduled or step scaling policies, or if you need to create or configure Amazon EC2 Auto Scaling groups (as AWS Auto Scaling supports only target tracking scaling policies).

The EC2 interface, the Auto Scaling API, or CloudFormation may all be used to establish and configure EC2 Auto Scaling groups outside of AWS Auto Scaling. You may define dynamic scaling policies for your current EC2 Auto Scaling groups with the aid of AWS Auto Scaling.



 

Ques. 5): What is a launch configuration?

Answer:

A launch configuration is a template that an EC2 Auto Scaling group uses to launch EC2 instances. When you create a launch configuration, you specify information for the instances such as the ID of the Amazon Machine Image (AMI), the instance type, a key pair, one or more security groups, and a block device mapping. If you've launched an EC2 instance before, you specified the same information to launch it. You must specify a launch configuration when you create an EC2 Auto Scaling group. You can use the same launch configuration with several EC2 Auto Scaling groups. However, an EC2 Auto Scaling group can have only one launch configuration at a time, and once a launch configuration has been created, it cannot be changed. Therefore, if you want to change the launch configuration for your EC2 Auto Scaling group, you must first create a new launch configuration and then update your EC2 Auto Scaling group with it. When you change the launch configuration for your EC2 Auto Scaling group, new instances are launched using the new configuration settings, but existing instances are unaffected.



 

Ques. 6): Is there a method to create a volume just using Amazon EC2 Auto Scaling without installing an instance?

Answer:

Each time a new instance is introduced, a volume is associated with it. When a volume is nearly full, Amazon EC2 Auto Scaling doesn't instantly add another. A volume can be added to an existing instance using the EC2 API.



 

Ques. 7): What distinguishes Predictive Scaling Policy from AWS Auto Scaling Plan's Predictive Scaling?

Answer:

In EC2 Auto Scaling, Predictive Scaling Policy introduces the same prediction mechanism that is available through AWS Auto Scaling plan as a native scaling policy. As with other scaling policies like Simple Scaling or Target Tracking, you may utilise predictive scaling directly using the AWS Command Line Interface (CLI), EC2 Auto Scaling Management Console, and AWS SDKs. Predictive scaling does not need the creation of an AWS Auto Scaling plan.



 

Ques. 8): What exactly is an EC2 Auto Scaling group (ASG)?

Answer:

An Amazon EC2 Auto Scaling group (ASG) is a collection of EC2 instances that share similar characteristics and are treated as a logical grouping for the purposes of fleet management and dynamic scaling. For instance, if a single application runs on many instances, you might want to increase the number of instances in that group to improve the performance of the application, or decrease the number of instances to save costs during periods of low demand. Amazon EC2 Auto Scaling automatically adjusts the number of instances in the group to maintain a fixed number of instances even if an instance becomes unhealthy, or based on criteria that you specify.



 

Ques. 9): How do lifecycle hooks work?

Answer:

Lifecycle hooks let you take action before an instance goes into service or before it is terminated. This can be especially useful if you are not baking your software environment into an Amazon Machine Image (AMI). For instance, launch hooks can configure an instance's software to make sure it is ready to handle traffic before Amazon EC2 Auto Scaling connects it to your load balancer. One way to do this is to connect the launch hook to an AWS Lambda function that calls RunCommand on the instance. Terminate hooks can be useful for collecting important data from an instance before it goes away. For example, you could use a terminate hook to preserve your fleet's log files by copying them to an Amazon S3 bucket when instances go out of service.

 


 

Ques. 10): How can I manage who has access to the resources in Amazon EC2 Auto Scaling?

Answer:

Amazon EC2 Auto Scaling integrates with AWS Identity and Access Management (IAM), a service that lets you do the following:

  • Create users and groups under the AWS account for your company.
  • Provide each user with their own security credentials under your AWS account.
  • Manage the permissions each user has to perform tasks using AWS resources.
  • Share your AWS resources with users of other AWS accounts.
  • Define which users or services can assume roles in your AWS account.
  • Use your company's existing identities to grant permissions to perform tasks using AWS resources.

For example, you could create an IAM policy that grants the Managers group permission to use only the DescribeAutoScalingGroups, DescribeLaunchConfigurations, DescribeScalingActivities, and DescribePolicies API operations. Users in the Managers group could then use those operations with any Amazon EC2 Auto Scaling groups and launch configurations. With Amazon EC2 Auto Scaling resource-level permissions, you can restrict access to a particular EC2 Auto Scaling group or launch configuration.



 

Ques. 11): What if an Availability Zone does not offer the instance types I prefer?

Answer:

If none of the specified instance types are available in an Availability Zone, the launches will be retargeted to the other Availability Zones included in the Auto Scaling group. Auto Scaling always prefers to keep your compute distributed across Availability Zones, and retargets only when all instance types are unavailable in an Availability Zone.



 

Ques. 12): What distinguishes fleet management from dynamic scaling?

Answer:

You have a "fleet" if your application uses Amazon EC2 instances, as the term implies. The capability that automatically replaces unhealthy instances and keeps your fleet operating at the desired capacity is referred to as fleet management. The fleet management of Amazon EC2 Auto Scaling makes sure that both the instances themselves are operating properly and that your application can handle traffic. When Auto Scaling notices a failed health check, it can automatically switch out the instance.

The capability of Amazon EC2 Auto Scaling that automatically raises or reduces capacity based on demand or other variables is referred to as its dynamic scaling capabilities. For example, if your CPU spikes above 80% (and you have an alarm setup) Amazon EC2 Auto Scaling can add a new instance dynamically.

 


 

Ques. 13): What constitutes an instance that is "unhealthy"?

Answer:

An unhealthy instance is one that fails a user-configured ELB health check or where the hardware has degraded for whatever reason (bad disc, etc.). Each individual EC2 instance is periodically given a health check by Amazon EC2 Auto Scaling. If the instance is linked to an Elastic Load Balancing load balancer, it may additionally execute ELB health checks.




Ques. 14): How may a damaged instance be replaced by Amazon EC2 Auto Scaling?

Answer:

When an instance fails a health check, Amazon EC2 Auto Scaling immediately terminates the unhealthy instance and replaces it with a new one. If you're using a load balancer, Amazon EC2 Auto Scaling gracefully detaches the impaired instance from the load balancer before provisioning a new one, and then attaches the new instance to the load balancer. When an instance has to be replaced, nothing needs to be done manually because everything is handled automatically.

 


 

Ques. 15): Is it possible to scale instances across several purchasing choices with a single ASG?

Answer:

Yes. In a single Auto Scaling group, you can provision and automatically scale EC2 capacity across several EC2 instance types, Availability Zones, and the On-Demand, RI, and Spot purchasing options. You can choose which instance types are best for your application, set the appropriate split between On-Demand and Spot capacity, and indicate your preferences for how EC2 Auto Scaling should allocate the ASG capacity within each purchasing model.

 


 

Ques. 16): Can I scale out my ASG on Spot instances after establishing a basic capacity using On-Demand instances and RIs?

Answer:

Yes. When creating an ASG that mixes purchasing models, you can set the group's base capacity to be met by On-Demand instances. When the ASG scales in or out, EC2 Auto Scaling ensures that the base capacity is filled with On-Demand instances, and that anything beyond that is filled with either entirely Spot instances or a specified percentage mix of On-Demand and Spot instances.

 


 

Ques. 17): How long does it take Amazon EC2 Auto Scaling to launch a new instance in the inService state after identifying a malfunctioning server?

Answer:

Within minutes, everything is ready. The bulk of replacements take place within five minutes, and on average it takes considerably less time. It depends on a number of variables, including how long it takes for your instance's AMI to boot up.

 


 

Ques. 18): Can I alter an ASG's setup to reflect new characteristics for merging buying models and defining multiple instance types?

Answer:

Yes. Customers can update an existing ASG to change one or all parameters related to combining purchasing models and specifying multiple instance types, including instance types, priority order for On-Demand instances, percentage split between On-Demand and Spot instances, and allocation strategy. This is similar to how other ASG parameters can be changed.

 


 

Ques. 19): What advantages does utilising Amazon EC2 Auto Scaling offer?

Answer:

Your Amazon EC2 instance availability is maintained with the aid of Amazon EC2 Auto Scaling. Using Amazon EC2 Auto Scaling, you can automatically replace any Amazon EC2 instances that become faulty, whether you are operating one or hundreds of them. This makes sure that your application has the expected amount of computing power. To reduce the need to manually provision Amazon EC2 capacity in advance, you may utilise Amazon EC2 Auto Scaling to automatically expand your Amazon EC2 fleet by following the demand curve for your applications. For instance, when the average usage of your Amazon EC2 fleet is high, you may establish a condition to add new instances in increments to the ASG. Likewise, when CPU utilisation is low, you can set a condition to remove instances in increments. Additionally, you may utilise Elastic Load Balancing (ELB) to distribute traffic to your instances inside the ASG and Amazon CloudWatch to transmit alarms that will start scaling actions. Predictive Scaling strategy may be used to proactively expand capacity in advance of impending demand if you have predicted load variations. You can run your Amazon EC2 fleet at maximum utilisation thanks to Amazon EC2 Auto Scaling.

 


 

Ques. 20): How would users be routed to the other servers in a group in the event of a breakdown without elastic load balancing (ELB)?

Answer:

You can connect to Route53 (which Amazon EC2 Auto Scaling does not currently support out of the box, but many customers use). You may also use your own reverse proxy or service discovery tools for internal microservices.

 


 

 

April 18, 2022

Top 20 AWS Secrets Manager Interview Questions and Answers

 

 

AWS Secrets Manager is nothing more than a safe deposit box where you may store all of your valuables that you don't want to expose publicly, such as critical papers and jewellery, and only you will have access to them. In technical terms, AWS Secrets Manager manages API keys, secret keys, client keys, tokens, and DB credentials, among other things.

Ques. 1): What is AWS Secrets Manager, and how does it work?

Answer:

AWS Secrets Manager is a secret management solution that aids in the security of your applications, services, and IT resources. This service makes it simple to rotate, manage, and retrieve database credentials, API keys, and other secrets at any time during their lifetime. You can safeguard and manage secrets used to access resources in the AWS Cloud, on third-party services, and on-premises with Secrets Manager.


Ques. 2): What are the benefits of using AWS Secrets Manager?

Answer:

Without the upfront investment and ongoing maintenance costs of running your own infrastructure, AWS Secrets Manager protects access to your apps, services, and IT resources.

For IT managers, Secrets Manager is a secure and scalable means of storing and managing secrets. Secrets Manager allows security administrators to monitor and rotate secrets without affecting applications, allowing them to meet regulatory and compliance requirements. Developers who want to replace hardcoded secrets in their apps can retrieve secrets programmatically from Secrets Manager.

Ques. 3): What is the significance of a Secrets manager?

Answer:

There are two scenarios:

In server-side programmes, it is sometimes simple to manage environment-specific secret values, because there are separate servers on which you can easily configure environment-specific settings. However, if we don't keep such values in code, we risk losing them, and keeping those values in code or in a repository that may be directly available to developers in the production environment is not encouraged.

A client-side application is another example. It is basically static code in a static file, and it is not secure to store secret values in it.

In both circumstances, Secrets Manager proves to be a lifesaver. Server-side code can use AWS credentials to manage and get secret values from Secrets Manager. Client-side code requires integration with an STS token to provide temporary AWS credentials that are only valid for the Secrets Manager service.

Ques. 4): What am I able to accomplish with AWS Secrets Manager?

Answer: 

AWS Secrets Manager gives you centralised storage, retrieval, access control, rotation, auditing, and monitoring of secrets.

You can encrypt secrets at rest to limit the chances of sensitive data being viewed by unauthorised individuals. To retrieve secrets, simply replace plain text secrets in your applications with code that uses the Secrets Manager APIs to pull in those secrets programmatically. To govern which users and applications have access to these secrets, you use AWS Identity and Access Management (IAM) policies. You can rotate passwords for supported database types hosted on AWS on a schedule or on demand, with no danger of affecting applications. By modifying sample Lambda functions, you can extend this feature to rotate other secrets, such as passwords for Oracle databases hosted on Amazon EC2 or OAuth refresh tokens. Secrets Manager integrates with AWS CloudTrail, Amazon CloudWatch, and Amazon Simple Notification Service (Amazon SNS), allowing you to audit and monitor secrets.

Ques. 5): What are the advantages of using Secret Manager?

Answer:

Secrets can be rotated safely (you can set an expiry and rotate values whenever needed).

Fine-grained policies can be used to control access (you can create a policy that enables developers to retrieve secret values).

Secrets are kept secure and audited centrally (it gives an audit trail of how many were used and from which account).

You pay as you go (by the number of secret values and the number of API calls made for retrieval).

Secrets can be easily replicated throughout multiple regions (cross-region access is allowed).

Ques. 6): In AWS Secrets Manager, what secrets can I manage?

Answer:

Database credentials, on-premises resource credentials, SaaS application credentials, third-party API keys, and Secure Shell (SSH) keys are among the secrets you can manage. You can store a JSON document in Secrets Manager, which allows you to manage any text blob that is 64 KB or smaller.

Ques. 7): With AWS Secrets Manager, what secrets can I rotate?

Answer:

For Amazon Relational Database Service (RDS), Amazon DocumentDB, and Amazon Redshift, you can rotate credentials directly. By modifying the sample AWS Lambda functions available in the Secrets Manager documentation, you can extend Secrets Manager to rotate other secrets, such as Oracle database credentials hosted on EC2 or OAuth refresh tokens.

Ques. 8): How will these secrets be used in my application?

Answer:

To begin, create an AWS Identity and Access Management (IAM) policy that allows your app to access specified secrets. Then, in the source code of the application, you may replace plain text secrets with code that allows you to get these secrets programmatically using the Secrets Manager APIs. Please visit the AWS Secrets Manager User Guide for further information and examples.

Ques. 9): What is required to access Secrets Manager?

Answer:

AWS credentials ( combination of access key and secret key )

AWS SDK ( server side SDK or client side SDK)


Ques. 10): What is the best way to get started with AWS Secrets Manager?

Answer:

To get started with AWS Secrets Manager, follow these steps:

1. Find out what your secrets are and where they're used in your apps.

2. Using your AWS credentials, log in to the AWS Management Console and go to the Secrets Manager console.

3. Upload the secret you discovered using the Secrets Manager console. You can also upload a secret using the AWS SDK or AWS CLI (once per secret). You can also use a script to upload a large number of secrets.

4. Follow the instructions on the console to set up automatic rotation if your secret isn't in use yet. If applications are already using your secret, do steps (5) and (6) before setting up automatic rotation.

5. If other users or applications need to retrieve the secret, write an IAM policy to grant permissions to the secret.

6. Update your applications to retrieve secrets from Secrets Manager.

Ques. 11): What is the difference between Secrets Manager and Parameter Store?

Answer:

Secrets Manager: It allows you to name and store a single string or binary value of up to 64 KB. KMS is used to encrypt the full string, with either a default or customer-specified KMS key. The string is usually a JSON object, which the AWS Console will parse and display as individual name-value pairs for you to inspect or change. You'll have to parse the secret yourself if you use the CLI or a programme to access it.

Parameter Store: Individual values are stored using a hierarchical key in Parameter Store (like many others, I omit the "Systems Manager" part of its name). You can obtain individual keys, such as /database/username and /database/password, or all keys that begin with /database. Possible values are simple strings, comma-separated lists (which you must parse), and encrypted strings (which also support default and custom KMS keys). You can choose whether or not to decrypt encrypted values while retrieving data.

Ques. 12): How does AWS Secrets Manager handle database credential rotation while keeping apps running smoothly?

Answer:

AWS Secrets Manager allows you to set a schedule for database credential rotation. This allows you to adhere to security best practices and securely rotate your database credentials. When Secrets Manager starts a rotation, it uses the super database credentials you gave to create a clone user with the same privileges but a different password. The clone user information is then communicated to the databases and apps that retrieve the database credentials. The AWS Secrets Manager Rotation Guide can help you learn more about rotation.

Ques. 13): Is it true that changing database credentials has an influence on open connections?

Answer:

No. When a connection is established, authentication takes place. The open database connection is not re-authenticated when AWS Secrets Manager rotates a database credential.


Ques. 14): When AWS Secrets Manager rotates a database credential, how do I know?

Answer:

When AWS Secrets Manager rotates a secret, you can set up Amazon CloudWatch Events to receive a signal. You can also use the Secrets Manager console or APIs to see when a secret was last rotated.


Ques. 15): What methods does AWS Secrets Manager use to keep my secrets safe?

Answer:

AWS Secrets Manager protects data in transit with encryption keys you own and manage in the AWS Key Management Service (KMS). AWS Identity and Access Management (IAM) policies can be used to restrict access to the secret. When you retrieve a secret, Secrets Manager decrypts it and sends it to your local environment securely over TLS. The secret is not written or cached to persistent storage by default in Secrets Manager.


Ques. 16): In AWS Secrets Manager, who may use and manage secrets?

Answer:

To regulate the access permissions of users and applications to retrieve or manage specific secrets, you can use AWS Identity and Access Management (IAM) policies. You can, for example, set up a policy that only allows developers to access secrets used in the development environment. Visit AWS Secrets Manager Authentication and Access Control for additional information.


Ques. 17): AWS Secrets Manager encrypts my secrets in what way?

Answer:

AWS Secrets Manager encrypts your secrets using envelope encryption (AES-256 encryption algorithm) with keys in AWS Key Management Service (KMS).

You can specify the AWS KMS keys to encrypt secrets when you initially use Secrets Manager. Secrets Manager creates AWS KMS default keys for your account if you don't provide a KMS key. When a secret is stored, Secrets Manager requests a plaintext and an encrypted data key from KMS. Secrets Manager uses the plaintext data key to encrypt the secret in memory. AWS Secrets Manager stores and maintains the encrypted secret and the encrypted data key. When a secret is retrieved, Secrets Manager decrypts the data key (using the AWS KMS default keys) and uses the plaintext data key to decrypt the secret. The data key is stored encrypted and is never written to disk in plaintext. Secrets Manager also never writes or caches the plaintext secret to persistent storage.
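The store and retrieve flow described in this answer, as an added example that is not AWS's or the original post's code. LocalKms is a constructed in-process stand-in for KMS (in AWS the KMS key never leaves the service), and the function names and the sample secret are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// AES-256-GCM helpers. Output layout: 12-byte IV | 16-byte auth tag | ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ciphertext]);
}

function unseal(key, blob) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  // final() throws if the ciphertext or tag was modified, or the key is wrong.
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Hypothetical stand-in for KMS: holds the key-encryption key and hands out data keys.
class LocalKms {
  constructor() {
    this.masterKey = crypto.randomBytes(32);
  }

  // Returns a fresh data key twice: in plaintext and encrypted under the master key.
  generateDataKey() {
    const plaintext = crypto.randomBytes(32);
    return { plaintext, encrypted: seal(this.masterKey, plaintext) };
  }

  decryptDataKey(encrypted) {
    return unseal(this.masterKey, encrypted);
  }
}

// Store: encrypt the secret in memory with the plaintext data key, then keep
// only the encrypted secret and the encrypted data key.
function storeSecret(kms, secretString) {
  const { plaintext, encrypted } = kms.generateDataKey();
  const encryptedSecret = seal(plaintext, Buffer.from(secretString, 'utf8'));
  plaintext.fill(0); // the plaintext data key is never persisted
  return { encryptedDataKey: encrypted, encryptedSecret };
}

// Retrieve: have the KMS stand-in decrypt the data key, then decrypt the secret with it.
function retrieveSecret(kms, record) {
  const dataKey = kms.decryptDataKey(record.encryptedDataKey);
  try {
    return unseal(dataKey, record.encryptedSecret).toString('utf8');
  } finally {
    dataKey.fill(0);
  }
}

// Constructed sample secret, for demonstration only.
const demoKms = new LocalKms();
const demoRecord = storeSecret(demoKms, '{"username":"app_user","password":"constructed-example"}');
console.log('stored record sizes:', demoRecord.encryptedDataKey.length, demoRecord.encryptedSecret.length);
console.log('round trip ok:', retrieveSecret(demoKms, demoRecord).includes('app_user'));
```

Because only the master key can unwrap the data key, controlling access to the KMS key controls access to every secret encrypted under it.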

 

Ques. 18): How will AWS Secrets Manager be invoiced and billed to me?

Answer:

There is no minimum price with Secrets Manager; you simply pay for what you use. To start utilising the service, there are no set-up fees or commitments. Your credit card will be automatically charged for the month's usage at the end of the month. Each month, you will be charged for the amount of secrets you store and API requests you make to the service.

Visit AWS Secrets Manager pricing for the most up-to-date pricing information.

 

Ques. 19): Is there a free trial available?

Answer:

Yes, you can use the AWS Secrets Manager 30-day free trial to try Secrets Manager for free. Over the course of the 30-day free trial, you can rotate, manage, and retrieve secrets. When you save your first secret, the free trial begins.

 

Ques. 20): How do I use Secrets Manager from Lambda?

Answer:

The AWS docs provide sample code for Secrets Manager under "AWS Secrets Manager JavaScript (SDK V2) Code Examples". I constructed a wrapper class, SecretsManager, based on this reference, and here is the code.

1. Create a SecretsManager.js file that uses aws-sdk to access AWS resources.

'use strict';

const AWS = require('aws-sdk');

class SecretsManager {
    /**
     * Uses AWS Secrets Manager to retrieve a secret
     */
    static async getSecret(secretName, region) {
        const config = { region: region };
        const secretsManager = new AWS.SecretsManager(config);
        try {
            const secretValue = await secretsManager.getSecretValue({ SecretId: secretName }).promise();
            if ('SecretString' in secretValue) {
                return secretValue.SecretString;
            }
            // Binary secret: Buffer.from replaces the deprecated new Buffer() constructor.
            const buff = Buffer.from(secretValue.SecretBinary, 'base64');
            return buff.toString('ascii');
        } catch (err) {
            // err.code tells you what went wrong:
            //   DecryptionFailureException    - Secrets Manager can't decrypt the protected secret text using the provided KMS key.
            //   InternalServiceErrorException - An error occurred on the server side.
            //   InvalidParameterException     - You provided an invalid value for a parameter.
            //   InvalidRequestException       - You provided a parameter value that is not valid for the current state of the resource.
            //   ResourceNotFoundException     - We can't find the resource that you asked for.
            // Deal with the exception here, and/or rethrow at your discretion.
            // Every error is rethrown so the caller never receives undefined in place of a secret.
            throw err;
        }
    }
}

module.exports = SecretsManager;

2. Create an index.js file in your Lambda package that uses the SecretsManager.js class to retrieve a secret value.

/**
 * index.js
 **/

const SecretsManager = require('./SecretsManager.js');

exports.handler = async (event) => {
    // TODO implement
    const secretName = '<SecretName>';
    const region = '<Region>';

    const apiValue = await SecretsManager.getSecret(secretName, region);

    // Use apiValue here. Do not log it: anything written with console.log
    // ends up in the function's CloudWatch Logs in plain text.
    console.log('Secret retrieved:', apiValue !== undefined);

    const response = {
        statusCode: 200,
        body: JSON.stringify('Hello from Lambda!'),
    };

    return response;
};

3. Go to console.aws.amazon.com/secretsmanager to create a Secrets Manager entry.

4. That's it. Make a zip file with this code and upload it to lambda.