Tags: amazon-web-services, aws-lambda, credentials, aws-secrets-manager

Question about verifying if the credential rotation Lambda function for Secrets Manager is successful


I created a Lambda rotation function manually and configured it in the Secrets Manager console (enabled rotation and told SM to use this newly created function). Everything looks fine so far, but I don't know how to verify that the rotation is working now.

I found this document and was going to follow step 4, 'Verify Successful Rotation', but the command they provide is not for the AWS CLI:

secret=$(aws secretsmanager get-secret-value --secret-id xxxxxxx | jq .SecretString | jq fromjson)

I got an error when I tried it in the AWS CLI:

'secret' is not recognized as an internal or external command,
operable program or batch file.

Their approach is to use the MySQL client. Is there a way to test it in the AWS CLI or a command prompt? Many thanks.


Solution

  • You can use the AWS CLI to verify that the credentials were rotated.

    You should also use the MySQL client to verify that you can use the rotated credentials to access the database - https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_db-rotate.html#tut-db-rotate-step5

    This command - secret=$(aws secretsmanager get-secret-value --secret-id xxxxxxx | jq .SecretString | jq fromjson) - is a Linux shell command that uses the AWS CLI to retrieve the secret value and assigns it to a shell variable called 'secret'.
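The same verification done programmatically, as an added example that is not part of the answer above: it calls the API behind describe-secret and get-secret-value with boto3 and checks that rotation is enabled, that an AWSPREVIOUS version exists, that the last rotation is within the schedule, and that the AWSCURRENT password actually differs from the AWSPREVIOUS one. It assumes the secret stores JSON with a "password" key (the layout the AWS database rotation functions use); SAMPLE_DESC, SAMPLE_NOW and the version ids are constructed sample data.

```python
"""Check that a Secrets Manager rotation really produced a new credential."""
import json
from datetime import datetime, timedelta, timezone

def assess_rotation(desc, current, previous, now=None):
    """desc: describe_secret() output; current/previous: parsed SecretString
    dicts for AWSCURRENT and AWSPREVIOUS. Returns (ok, list of reasons)."""
    now = now or datetime.now(timezone.utc)
    reasons = []
    if not desc.get("RotationEnabled"):
        reasons.append("RotationEnabled is false")
    stages = desc.get("VersionIdsToStages", {})
    if sum("AWSCURRENT" in s for s in stages.values()) != 1:
        reasons.append("expected exactly one version labelled AWSCURRENT")
    if not any("AWSPREVIOUS" in s for s in stages.values()):
        reasons.append("no AWSPREVIOUS version: the secret has never been rotated")
    if any("AWSPENDING" in s for s in stages.values()):
        reasons.append("AWSPENDING still attached: rotation in progress or stopped partway")
    last = desc.get("LastRotatedDate")
    if last is None:
        reasons.append("LastRotatedDate is unset")
    else:
        days = (desc.get("RotationRules") or {}).get("AutomaticallyAfterDays")
        if days and now - last > timedelta(days=days):
            reasons.append(f"last rotation {last:%Y-%m-%d} is older than the {days}-day schedule")
    # Rotation must change the password; the username normally stays the same.
    if current.get("password") == previous.get("password"):
        reasons.append("AWSCURRENT and AWSPREVIOUS passwords are identical")
    return (not reasons, reasons)

def fetch_and_assess(secret_id):
    """Live check using the same calls as the CLI's describe-secret/get-secret-value."""
    import boto3  # lazy import so the pure check above needs no AWS SDK
    sm = boto3.client("secretsmanager")
    def stage(label):  # SecretString is JSON such as {"username": ..., "password": ...}
        resp = sm.get_secret_value(SecretId=secret_id, VersionStage=label)
        return json.loads(resp["SecretString"])
    return assess_rotation(sm.describe_secret(SecretId=secret_id),
                           stage("AWSCURRENT"), stage("AWSPREVIOUS"))

# Constructed sample of describe-secret output for a secret rotated once on 2024-01-10.
SAMPLE_DESC = {"RotationEnabled": True, "RotationRules": {"AutomaticallyAfterDays": 30},
               "LastRotatedDate": datetime(2024, 1, 10, tzinfo=timezone.utc),
               "VersionIdsToStages": {"v2": ["AWSCURRENT"], "v1": ["AWSPREVIOUS"]}}
SAMPLE_NOW = datetime(2024, 1, 12, tzinfo=timezone.utc)  # fixed clock for the sample
if __name__ == "__main__":
    ok, why = assess_rotation(SAMPLE_DESC, {"username": "app", "password": "n3w"},
                              {"username": "app", "password": "0ld"}, now=SAMPLE_NOW)
    print("rotation OK" if ok else "; ".join(why))
```

On Windows the same API calls can be made from the AWS CLI with `--query` and `--output text` instead of jq, which is why the checks above are kept separate from how the data is fetched.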