Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

Is it possible to invoke a Lambda function in a different AWS account from Secrets Manager rotation?

0

We are trying to make our Lambda function a centralize kind of thing which can be invoked by a secrets manager from different accounts. So Lambda app can be used across multiple accounts for the automatic rotation of secrets.

Enter image description here Basically in this image, we want to select a lambda function that is deployed to a different account.

We have tried the steps below to achieve our goal but none of these have worked so far:

  1. Grant access across different AWS accounts using IAM roles and assume role.
  2. Add a resource based policy into function app

Note: Secrets manager and Lambda Function are in the same region.

Argomenti
ServerlessComputazionaliSicurezza, identità e conformità
Tag
AWS LambdaGestore AWS Secrets
Lingua
English
rePost-User-Vernon
posta un anno fa736 visualizzazioni
1 Risposta
0

Perhaps, but it would be difficult from the management console.
I think we need to set up our own Lambda with IAM configured to rotate cross-accounts.
It would be a good idea not to enable auto-rotation on that screen, but to let Lambda in a separate account do all the rotation.

profile picture
ESPERTO
Riku_Kobayashi
con risposta un anno fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente