Rotate Active Directory credentials stored in AWS Secrets Manager
This article explains how to automate Active Directory credential rotation for AWS Secrets Manager using AWS Systems Manager.
- Uses SSM Automation to synchronize AD service account passwords with AWS Secrets Manager
- Windows EC2 instance with AD tools runs scheduled rotation every 30 days
- Generates complex random passwords (64-128 characters) and updates both AD and Secrets Manager
- Includes rollback capability if either update fails
- Provides CloudFormation templates for prerequisites and solution deployment
- Estimated monthly cost is approximately $50 USD in the US West (Oregon) Region
- Applies to RDS for SQL Server deployments that use self-managed AD
This solution automates secure credential rotation between Active Directory and AWS Secrets Manager, eliminating manual password management for service accounts.
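The update-both-or-roll-back step summarized above, as an added sketch that is not the code from the AWS solution. It assumes the ActiveDirectory (RSAT) and AWS.Tools.SecretsManager PowerShell modules and a secret stored as JSON with a `password` key; the function names `New-RandomPassword` and `Invoke-AdSecretRotation` and the names in the final comment are hypothetical.

```powershell
# Added example. Assumes the ActiveDirectory (RSAT) and AWS.Tools.SecretsManager modules
# and a secret stored as JSON with a "password" key (an assumed layout).
Import-Module ActiveDirectory, AWS.Tools.SecretsManager

function New-RandomPassword {
    param([ValidateRange(64, 128)][int]$Length = 64)
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%+-=?@_'
    $limit = 256 - (256 % $alphabet.Length)   # reject bytes at or above this to avoid modulo bias
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $byte = New-Object byte[] 1
    $sb = New-Object System.Text.StringBuilder
    try {
        while ($sb.Length -lt $Length) {
            $rng.GetBytes($byte)
            if ($byte[0] -lt $limit) { [void]$sb.Append($alphabet[$byte[0] % $alphabet.Length]) }
        }
    } finally { $rng.Dispose() }
    $sb.ToString()
}

function Invoke-AdSecretRotation {
    param(
        [Parameter(Mandatory)][string]$SecretId,    # Secrets Manager secret name or ARN
        [Parameter(Mandatory)][string]$AdIdentity   # sAMAccountName of the service account
    )
    $ErrorActionPreference = 'Stop'   # make cmdlet errors terminating so try/catch sees them
    $secret = (Get-SECSecretValue -SecretId $SecretId).SecretString | ConvertFrom-Json
    $oldPassword = $secret.password
    $newPassword = New-RandomPassword -Length 64

    # Step 1: reset the password in AD. If this throws, nothing has changed anywhere.
    Set-ADAccountPassword -Identity $AdIdentity -Reset `
        -NewPassword (ConvertTo-SecureString $newPassword -AsPlainText -Force)

    try {
        # Step 2: write the new value to Secrets Manager.
        $secret.password = $newPassword
        Write-SECSecretValue -SecretId $SecretId -SecretString ($secret | ConvertTo-Json -Compress) | Out-Null
    } catch {
        # Rollback: restore the previous AD password so AD and the secret stay in sync.
        # Assumes the domain permits an administrative reset to the previous value.
        Set-ADAccountPassword -Identity $AdIdentity -Reset `
            -NewPassword (ConvertTo-SecureString $oldPassword -AsPlainText -Force)
        throw
    }
}

# Invoke-AdSecretRotation -SecretId 'example/ad/svc-account' -AdIdentity 'svc-example'  # placeholder names
```

Neither password is written to output or logs, so a failed rollback surfaces only as the rethrown error and should be alerted on by whatever schedules the rotation.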