lambda function can't access secrets manager

0

I am developing an AWS Lambda function using Python. When I directly use Python code in AWS Lambda to access the secrets manager, it works fine. However, when I package the Lambda function code with dependencies, upload it as a zip file, and run it, I am unable to retrieve the secret, and the execution times out. Why is this happening?

I have followed the instructions in this link , set up the layer, and ensured that the role and VPC subnet are correctly configured.

============================= after set ENV PARAMETERS_SECRETS_EXTENSION_LOG_LEVEL = debug Debug log

[AWS Parameters and Secrets Lambda Extension] 2023/10/07 08:42:36 INFO Serving on port 2773
EXTENSION	Name: AWSParametersAndSecretsLambdaExtension	State: Ready	Events: [INVOKE, SHUTDOWN]
START RequestId: da2cb206-3ecd-4d68-bc9e-da721a940c83 Version: $LATEST
begin lambda function run
[AWS Parameters and Secrets Lambda Extension] 2023/10/07 08:42:37 INFO ready to serve traffic
2023-10-07T08:43:07.233Z da2cb206-3ecd-4d68-bc9e-da721a940c83 Task timed out after 30.04 seconds

END RequestId: da2cb206-3ecd-4d68-bc9e-da721a940c83
REPORT RequestId: da2cb206-3ecd-4d68-bc9e-da721a940c83	Duration: 30039.07 ms	Billed Duration: 30000 ms	Memory Size: 128 MB	Max Memory Used: 80 MB	Init Duration: 661.31 ms	

and python lambda function code is


import json
import urllib.parse
import boto3
import gzip
import io
import os
import datetime
from datetime import datetime

def get_redshift_credentials():
    try:
        secrets_manager_client = boto3.client('secretsmanager')
        response = secrets_manager_client.get_secret_value(SecretId='this is MY ARN')
        secret_string = response['SecretString']

        secret_data = json.loads(secret_string)

        host = secret_data['host']
        port = secret_data['port']
        dbname = secret_data['dbName']
        user = secret_data['username']
        password = secret_data['password']

        cached_redshift_credentials = (host, port, dbname, user, password)
        return cached_redshift_credentials

    except Exception as e:
        print(f"Error retrieving Redshift credentials: {str(e)}")
        raise



def lambda_handler(event, context):
    print("begin lambda function run")
    redshift_credentials = get_redshift_credentials()
    print(redshift_credentials)

1回答
1
承認された回答

Hi Aaren,

I think you need to correctly configure Role for Lambda Function, to be able to access Secrets from the Secrets Manager.
Please follow this guide [1] to access the secrets using lambda (python) with correct Permissions.

If you have your Lambda Function within a VPC, you also need to consider using a VPC Endpoint or NAT gateway for your request to reach Secrets Manager. [2]

References:
[1] https://community.aws/posts/parameters-and-secrets-lambda-extension-with-python
[2] https://repost.aws/knowledge-center/lambda-secret-vpc

Regards,
Atul

profile picture
回答済み 9ヶ月前
profile pictureAWS
エキスパート
レビュー済み 9ヶ月前
  • Thank you for your answer, I am sure configure Role and VPC correct ,with the same code ,direct run python in AWS Lambda can access SecretManager

  • Okay, you can try to use the Lambda Function environment variable PARAMETERS_SECRETS_EXTENSION_LOG_LEVEL with a value as debug to get a detailed log. This might help in debugging the issue. Also, could you please share some logs to assist you better?

  • OK I post debug logs lambda code in update post

  • Hi, I think you are using boto3.client('secretsmanager') in the Lambda code. Instead, you should make a "GET" request using "http". Since you have configured a layer "AWS Parameters and Secrets Lambda Extension", it is making requests to localhost port 2773. You can modify your Lambda code to be similar to the reference [1], it should work fine then. Please refer to this code: https://community.aws/posts/parameters-and-secrets-lambda-extension-with-python#add-our-lambda-code

  • Thank you , I resolve this question use HTTP request to get Secrets

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ