Hi,
I’ve built a pipeline that enables the deployment of bundles between AWS accounts (e.g., from Dev to UAT). However, I’ve identified a gap in support for datasource password rotations.
Currently, when creating a datasource, you need to provide database credentials. Since we store these credentials in Secrets Manager, we can pass the secret ARN during the creation process. The same applies when using datasource overrides during bundle imports - I’m able to supply the secret ARN to set the credentials in the new account.
Here’s the issue, the passwords stored in Secrets Manager are configured to rotate every 30 days, but this rotation process is not automatically passed through to Quicksight. As a result, we have to manually update the datasource credentials every 30 days. Given that we manage multiple accounts with numerous datasources, the rotations don’t occur simultaneously. For example, one might rotate on August 15th, another on August 23rd, and another on August 31st, leading to frequent manual updates.
I’ve reviewed the documentation and performed testing, and it seems auto-rotation is not currently supported. Could we please submit a feature request to add support for automatic password rotation in Quicksight?