Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

Is it possible to invoke a Lambda function in a different AWS account from Secrets Manager rotation?

0

We are trying to make our Lambda function a centralize kind of thing which can be invoked by a secrets manager from different accounts. So Lambda app can be used across multiple accounts for the automatic rotation of secrets.

Enter image description here Basically in this image, we want to select a lambda function that is deployed to a different account.

We have tried the steps below to achieve our goal but none of these have worked so far:

  1. Grant access across different AWS accounts using IAM roles and assume role.
  2. Add a resource based policy into function app

Note: Secrets manager and Lambda Function are in the same region.

Temas
Sin servidorCálculoSeguridad, identidad y cumplimiento
Etiquetas
AWS LambdaAWS Secrets Manager
Idioma
English
rePost-User-Vernon
preguntada hace un año736 visualizaciones
1 Respuesta
0

Perhaps, but it would be difficult from the management console.
I think we need to set up our own Lambda with IAM configured to rotate cross-accounts.
It would be a good idea not to enable auto-rotation on that screen, but to let Lambda in a separate account do all the rotation.

profile picture
EXPERTO
Riku_Kobayashi
respondido hace un año

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante