Using Secrets Manager to Authenticate with an RDS Database Using Lambda

AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. In this lab, we connect to a MySQL RDS database from an AWS Lambda function using a username and password, and then we hand over credential management to the AWS Secrets Manager service. We then use the Secrets Manager API to connect to the database instead of hard-coding credentials in our Lambda function. By the end of this lab, you will understand how to store a secret in AWS Secrets Manager and access it from a Lambda function.

Lab Info
Level: Intermediate
Last updated: Sep 25, 2025
Duration: 1h 0m

Table of Contents
  1. Challenge

    Create a Lambda Function

    Create a Lambda function using Node.js version 18.x. Join it to the provided VPC and the 2 public subnets, and use the lab-provided security group DatabaseSecurityGroup. Name your function testRDS. Update the function timeout setting to 6 seconds.

  2. Challenge

    Create the MySQL Layer, and Copy Your Code to the Lambda Function
    1. Create a new layer called mysql and select Node.js 18.x. Upload the MySQL Library Zip file.
    2. Add the mysql layer to your testRDS function as a custom layer.
  3. Challenge

    Create a Secret in Secrets Manager
    1. Use the Secrets Manager console to create a secret (username = username, initial password = password), and enable automatic credential rotation to reoccur every 1 day.
    2. Name the secret RDScredentials and your Lambda rotation function rotateRDS.
  4. Challenge

    Test Connectivity from Lambda to RDS Using Credentials from AWS Secrets Manager

    In the index.mjs file, replace the current code with the code shown below. Issue a deploy, and once deployed, issue a test. Ensure you replace the <RDS Endpoint> placeholder with the endpoint of your RDS MySQL database.

    import mysql from 'mysql2/promise';
    // AWS SDK for JavaScript v2. The Node.js 18.x runtime bundles only v3, so
    // this package must be available to the function (for example, from a layer).
    import AWS from 'aws-sdk';
    
    const secretName = 'RDScredentials';
    const region = 'us-east-1';
    const rdsEndpoint = '<RDS Endpoint>';
    const databaseName = 'example';
    
    AWS.config.update({ region: region });
    
    const secretsManager = new AWS.SecretsManager();
    
    export const handler = async (event, context) => {
      let connection;
      try {
        // Fetch the current credentials from Secrets Manager on every invocation
        const data = await secretsManager.getSecretValue({ SecretId: secretName }).promise();
        const secret = JSON.parse(data.SecretString || Buffer.from(data.SecretBinary, 'base64').toString('utf8'));
    
        const { username, password } = secret;
    
        connection = await mysql.createConnection({
          host: rdsEndpoint,
          user: username,
          password: password,
          database: databaseName,
        });
    
        const [rows] = await connection.execute('SHOW TABLES');
    
        console.log('Tables:');
        rows.forEach((row) => {
          console.log(row[`Tables_in_${databaseName}`]);
        });
    
        return {
          statusCode: 200,
          body: 'Tables listed successfully',
        };
      } catch (err) {
        // Log only the message; never log the secret or the connection options
        console.error('Error:', err.message);
        return {
          statusCode: 500,
          body: 'Error listing tables',
        };
      } finally {
        // Close the connection even when the query fails
        if (connection) await connection.end();
      }
    };
    
    
  5. Challenge

    Create Table in the RDS Database Using Lambda to Check Connectivity

    Copy and paste the following code in your index.mjs tab, replacing the <RDS Endpoint> placeholder with your own RDS endpoint. This code adds a table called pets to the example database. We will use this table as a reference to ensure successful database communication:

    import mysql from 'mysql2/promise';
    
    // Credentials are hard-coded here only for the initial connectivity check;
    // the Secrets Manager version of the handler replaces them.
    export const handler = async (event, context) => {
      let connection;
      try {
        connection = await mysql.createConnection({
          host: "<RDS Endpoint>",
          user: "username",
          password: "password",
          database: "example",
        });
    
        // Create 'pets' table
        await connection.execute(`
          CREATE TABLE IF NOT EXISTS pets (
            id INT AUTO_INCREMENT PRIMARY KEY,
            name VARCHAR(255) NOT NULL,
            age INT NOT NULL
          )
        `);
    
        console.log('Table created: pets');
    
        // List all tables
        const [rows] = await connection.execute('SHOW TABLES');
        console.log('Tables:');
        rows.forEach((row) => {
          console.log(row[`Tables_in_example`]);
        });
    
        // An async handler responds through its return value, not the callback
        return {
          statusCode: 200,
          body: 'Tables listed successfully',
        };
      } catch (err) {
        console.error(err);
        return {
          statusCode: 500,
          body: 'Error listing tables',
        };
      } finally {
        // Close the connection even when a statement fails
        if (connection) await connection.end();
      }
    };
    
  6. Challenge

    Modify the Lambda IAM Role

    The IAM role created for Lambda to use does not have permission to access the Secrets Manager service. Edit the Lambda execution role that was created and add the following AWS managed policy: SecretsManagerReadWrite.
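
For the role change in challenge 6: the testRDS handler only calls getSecretValue on the RDScredentials secret, while a read/write policy also allows changing and deleting secrets. The check below is an added example, not part of the lab; the function names are hypothetical and the account ID and ARN suffix are constructed placeholders. It lists where a policy document grants more than that single read.

```javascript
// Added example; function names are hypothetical, sample values constructed.
const NEEDED = new Set(['secretsmanager:getsecretvalue']);
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// List ways an identity policy grants Secrets Manager access beyond
// GetSecretValue on the single secret the function reads.
function auditSecretsAccess(policy, secretArn) {
  const findings = [];
  asArray(policy.Statement).forEach((stmt, i) => {
    if (stmt.Effect !== 'Allow') return;
    if (stmt.NotAction || stmt.NotResource) {
      findings.push(`Statement ${i}: uses NotAction/NotResource, review by hand`);
      return;
    }
    const actions = asArray(stmt.Action)
      .map((a) => a.toLowerCase())
      .filter((a) => a === '*' || a.startsWith('secretsmanager:'));
    if (actions.length === 0) return; // statement does not touch Secrets Manager
    for (const a of actions) {
      if (!NEEDED.has(a)) findings.push(`Statement ${i}: action ${a} exceeds read access`);
    }
    for (const r of asArray(stmt.Resource)) {
      if (r !== secretArn) findings.push(`Statement ${i}: resource ${r} is not the expected secret`);
    }
  });
  return findings;
}

// Constructed inputs: placeholder account ID and ARN suffix.
const SECRET_ARN =
  'arn:aws:secretsmanager:us-east-1:111122223333:secret:RDScredentials-AbCdEf';
const broadPolicy = {
  Version: '2012-10-17',
  Statement: [{ Effect: 'Allow', Action: 'secretsmanager:*', Resource: '*' }],
};
const scopedPolicy = {
  Version: '2012-10-17',
  Statement: [
    { Effect: 'Allow', Action: 'secretsmanager:GetSecretValue', Resource: SECRET_ARN },
  ],
};

console.log(auditSecretsAccess(broadPolicy, SECRET_ARN)); // two findings
console.log(auditSecretsAccess(scopedPolicy, SECRET_ARN)); // []
```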
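
For the handler in challenge 4 and the daily rotation set up in challenge 3: an added example, not the lab's code, with hypothetical helper names. It validates the secret, caches it across warm invocations, and refetches once when MySQL rejects a password that rotation has replaced. This goes beyond the lab's handler, which fetches the secret on every invocation; `fetchSecret` and `connect` are assumed wrappers around getSecretValue and mysql.createConnection.

```javascript
// Added example: helper names are hypothetical, not part of the lab.
// Validate a GetSecretValue response and return only the fields we need.
function parseDbSecret(data) {
  const raw = data.SecretString ??
    Buffer.from(data.SecretBinary, 'base64').toString('utf8');
  let secret;
  try { secret = JSON.parse(raw); } catch { throw new Error('secret is not valid JSON'); }
  for (const key of ['username', 'password']) {
    if (typeof secret?.[key] !== 'string' || secret[key] === '') {
      throw new Error(`secret is missing "${key}"`); // never log the value itself
    }
  }
  return { username: secret.username, password: secret.password };
}

// Keep credentials in memory across warm invocations. `fetchSecret` is assumed
// to wrap secretsManager.getSecretValue(...).promise() from the handler.
function createCredentialCache(fetchSecret, ttlMs = 5 * 60 * 1000, now = Date.now) {
  let cached = null;
  let fetchedAt = 0;
  return {
    async get() {
      if (!cached || now() - fetchedAt >= ttlMs) {
        cached = parseDbSecret(await fetchSecret());
        fetchedAt = now();
      }
      return cached;
    },
    invalidate() { cached = null; },
  };
}

// `connect` is assumed to wrap mysql.createConnection(...). If MySQL rejects
// the cached password (rotated since it was fetched), refetch once and retry.
async function connectWithRotation(cache, connect) {
  try {
    return await connect(await cache.get());
  } catch (err) {
    if (err.code !== 'ER_ACCESS_DENIED_ERROR') throw err;
    cache.invalidate();
    return connect(await cache.get());
  }
}
```

Any error other than an access-denied response is rethrown unchanged, so an unreachable endpoint does not trigger extra Secrets Manager calls.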
