AWS Secret Manager Lambda function to rotate secrets


I have created an "other type of secret". I have also added a Lambda function as given in this template. Now when I try to rotate immediately it says "Fail to rotate the secret "TEST_SECRET_ROTATING" A previous rotation isn't complete. That rotation will be reattempted." The rotation time is one day, and even the next day I see the secret is not updated. I simply added that Lambda function. Do I need to define any parameter or any other Lambda settings? I also see in the documentation that if you enable automatic rotation, the first rotation will happen immediately when you store this secret. But I don't see this rotation even the first time. I also followed this question here. I was able to find the version ID of the AWSPENDING stage; I delete this version ID > click on rotate secret immediately > I see "Secret successfully scheduled for rotation" > but the secret is not changed yet. Is there any issue with the Lambda code now?

Jaishree Mishra On

The answer given in the other question is good, but there were a couple of changes I had to make. The code template didn't say that we need to create a VPC endpoint for Secrets Manager ("SECRETS_MANAGER_ENDPOINT"); we need to give KMS key permission to the Lambda role; we need to add a VPC to the Lambda function, as told by John; and I also had to comment out "raise NotImplementedError" in both set_secret and test_secret and put pass instead.