The most operationally efficient solution to ensure that administrator passwords for Amazon RDS DB instances are changed at least annually is to use AWS Secrets Manager with automatic rotation.
AWS Secrets Manager:
AWS Secrets Manager helps you protect access to your applications, services, and IT resources without the upfront cost and complexity of managing your own hardware security infrastructure.
Secrets Manager enables you to rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.
Configure Automatic Rotation:
Store the database credentials in AWS Secrets Manager.
Configure the secret to rotate automatically every 365 days.
AWS Secrets Manager provides built-in integration for rotating credentials for supported databases, including Amazon RDS.
Steps to Configure:
Open the Secrets Manager console.
Create a new secret and provide the necessary database credentials.
Enable automatic rotation and set the rotation interval to 365 days.
Secrets Manager will handle the rotation process, updating the credentials in the database and ensuring they are securely stored.
AWS Secrets Manager
Rotating Your AWS Secrets Manager Secrets
