在AWS Secrets Manager中为SQL Server凭据创建可自动轮换的密钥，步骤如下：
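import getpass
import json

import boto3

# Step 1: store the SQL Server login as a Secrets Manager secret.
client = boto3.client('secretsmanager', region_name='us-west-2')

# Read the password at run time instead of embedding it in the script, so the
# credential never lands in source control or in a shared snippet.
db_password = getpass.getpass("Database password: ")

# json.dumps escapes quotes and backslashes in the password, which a
# hand-written JSON string literal would not.
# NOTE(review): the AWS-provided rotation function templates usually expect
# more fields than username/password (for example engine, host and port);
# check the template you deploy.
secret_string = json.dumps({"username": "dbAdmin", "password": db_password})

# create_secret does not accept RecoveryWindowInDays (a delete_secret
# parameter) or ForceOverwriteSecret; botocore rejects unknown parameters
# before the request is sent. If the name already exists the call raises
# ResourceExistsException; use put_secret_value to store a new version instead.
# KmsKeyId is omitted so the secret is encrypted with the account's
# AWS managed key (aws/secretsmanager); pass a key ARN or alias to use a
# customer managed key.
resp = client.create_secret(
    Name="MyTestDatabaseSecret",
    Description="Test database credentials",
    SecretString=secret_string,
    Tags=[
        {
            'Key': 'mykey',
            'Value': 'myvalue'
        },
    ],
)

# The response carries the ARN, name and version id, not the secret value,
# so printing it does not expose the password.
print(resp)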
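import getpass
import json

import boto3

# Create the secret, then attach a rotation schedule to it.
client = boto3.client('secretsmanager', region_name='us-west-2')

# Read the password at run time instead of embedding it in the script. The
# stored value must be the login's current password: the rotation function
# signs in with it before it sets a new one.
db_password = getpass.getpass("Database password: ")
secret_string = json.dumps({"username": "dbAdmin", "password": db_password})

# create_secret has no rotation parameters: RotationLambdaARN and
# RotationRules belong to rotate_secret, and ForceOverwriteSecret is not a
# create_secret parameter either. botocore rejects unknown parameters before
# the request is sent. The call raises ResourceExistsException if a secret
# with this name already exists.
# KmsKeyId is omitted so the AWS managed key (aws/secretsmanager) is used.
resp = client.create_secret(
    Name="MyTestDatabaseSecret",
    Description="Test database credentials",
    SecretString=secret_string,
    Tags=[
        {
            'Key': 'mykey',
            'Value': 'myvalue'
        },
    ],
)
print(resp)

# Rotation is configured with a separate call on the secret just created.
# The Lambda function must already exist and its resource policy must allow
# Secrets Manager to invoke it; the account id in the ARN is a placeholder.
# By default rotate_secret also starts a rotation immediately.
rotation_resp = client.rotate_secret(
    SecretId=resp["ARN"],
    RotationLambdaARN="arn:aws:lambda:us-west-2:123456789012:function:MyTestFunction",
    RotationRules={
        'AutomaticallyAfterDays': 30
    },
)
print(rotation_resp)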
这里的RotationLambdaARN是用于轮换凭据的Lambda函数的ARN。RotationRules中的'AutomaticallyAfterDays'字段指定了每隔多少天自动进行一次凭据轮换。这两个参数通过rotate_secret调用传入，如下所示：
import boto3

# Turn on automatic rotation for an existing secret.
secrets_manager = boto3.client('secretsmanager', region_name='us-west-2')

# Rotate every 30 days.
rotation_rules = {'AutomaticallyAfterDays': 30}

# The Lambda function named here performs the rotation; its resource policy
# must allow Secrets Manager to invoke it. The account id in the ARN is a
# placeholder. By default this call also starts a rotation immediately, so the
# database password changes as soon as it succeeds.
rotation_result = secrets_manager.rotate_secret(
    SecretId='MyTestDatabaseSecret',
    RotationLambdaARN='arn:aws:lambda:us-west-2:123456789012:function:MyTestFunction',
    RotationRules=rotation_rules,
)

# The response holds the secret's ARN, name and version id, not its value.
print(rotation_result)
这样