En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

Is it possible to invoke a Lambda function in a different AWS account from Secrets Manager rotation?

0

We are trying to make our Lambda function a centralize kind of thing which can be invoked by a secrets manager from different accounts. So Lambda app can be used across multiple accounts for the automatic rotation of secrets.

Enter image description here Basically in this image, we want to select a lambda function that is deployed to a different account.

We have tried the steps below to achieve our goal but none of these have worked so far:

  1. Grant access across different AWS accounts using IAM roles and assume role.
  2. Add a resource based policy into function app

Note: Secrets manager and Lambda Function are in the same region.

Sujets
Sans serveurCalculSécurité, identité et conformité
Balises
AWS LambdaGestionnaire de secrets AWS
Langue
English
rePost-User-Vernon
demandé il y a un an736 vues
1 réponse
0

Perhaps, but it would be difficult from the management console.
I think we need to set up our own Lambda with IAM configured to rotate cross-accounts.
It would be a good idea not to enable auto-rotation on that screen, but to let Lambda in a separate account do all the rotation.

profile picture
EXPERT
Riku_Kobayashi
répondu il y a un an

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents