After RDS key rotation occurs in secrets manager, Quicksight is unable to display dashboard visuals. Basically it is unable to connect to the database with the error “The database password you provided is not valid. Provide a valid password and try again”
Is there a way for Quicksight to automatically fetch the credentials when this occurs (through CDK)?
1 Like
Hi @Risburt_Fernandes - Welcome to AWS QuickSight community and thanks for posting the question. This is a really interesting question and I believe yes, it is possible QuickSight can integrate with secret manager and update the credentials ( although I never tried), a POC is require. Please see the below link - Secure your database credentials with AWS Secrets Manager and encrypt data with AWS KMS in Amazon QuickSight | AWS Big Data Blog
Please check whether it will help you or not.
Hi @Max @Karthik_Tharmarajan - Please share your feedback on this.
Regards - Sanjeeb
1 Like
Thanks Sanjeeb
I am able to integrate Quicksight to my database with secrets manager. I am using AWS’s RDS database as the datasource. Quicksight is able to fetch the credentials from the secrets manager when I deploy changes to AWS CDK (Configuration is done as per the link shared).
However upon RDS key rotation handled by Secrets manager, quicksight is unable to connect to RDS.
1 Like
Hi @Risburt_Fernandes - Thanks. As per your note, when there is a key rotation happened for RDS, QuickSight is not able to take the updated password ( key) from the secret manager automatically and a manual intervention is performed to over come this problem. Is my understanding correct?
Regards - Sanjeeb
1 Like
Thats correct. We need to have a manual intervention to have quicksight take in the updated credentials
Hi,
I think this would need to be a feature request.
Unless you somehow were also able to update the datasource, maybe using cloud formation, every time your secrets get updated.