How can I rotate a Secrets Manager value that is created by an API destination in EventBridge?

1

I am able to rotate a Secrets Manager key that I created myself using a Lambda function, but when the secret is created by EventBridge I am not able to rotate it?

2 Answers
0

Hello there,

When a secret is created by AWS EventBridge, its rotation is still handled by AWS Secrets Manager. AWS EventBridge itself doesn't create or rotate secrets; it can only trigger actions (like a Lambda function) in response to event patterns, such as a secret's rotation event. So, the process to rotate a secret remains the same, irrespective of how it was created.

If you're finding it difficult to rotate a secret created by EventBridge, the issue might not be with the secret rotation itself, but rather with the permissions or the triggering mechanism in EventBridge. It's essential to ensure that the IAM role attached to your EventBridge rule or the Lambda function has sufficient permissions to rotate the secret in AWS Secrets Manager.

The exact solution depends on the specific error you're encountering, but checking your permissions and event patterns in EventBridge would be a good place to start troubleshooting.

AWS
answered 9 months ago
  • I couldn't find any solution for how to rotate the secrets that are created by AWS EventBridge for an API destination.

    I tried to edit the Secrets Manager rotation config in AWS Secrets Manager, but it failed to update and the toast below is shown.

    'This secret was created by Amazon EventBridge (events). Because this secret is managed by Amazon EventBridge (events), you will not be able to make any modifications to it. '

0

Rotating secrets in AWS Secrets Manager involves creating a new version of the secret and then updating all the applications that use the secret to use the new version. AWS Secrets Manager makes it easier to rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.

If the secret is created by EventBridge API destination, you can still rotate it, but the process might be a bit different. Here are the general steps you can follow:

  • Create a new secret: You can use the AWS Secrets Manager API or the AWS Management Console to create a new version of the secret.
  • Update the EventBridge API destination: You need to update the EventBridge API destination to use the new secret. You can do this by updating the API destination configuration in the EventBridge console or by using the EventBridge API.
  • Update your applications: Any applications that use the secret need to be updated to use the new version of the secret. This might involve updating the application code or configuration, depending on how the secret is used.
  • Test your applications: After updating the secret and your applications, you should thoroughly test your applications to make sure they work correctly with the new secret.
  • Delete the old secret: Once you've confirmed that everything is working correctly with the new secret, you can delete the old version of the secret.

Remember, the specifics of these steps might vary depending on your specific use case and configuration.

answered 9 months ago
  • I wasn't able to update the Secret Manager in the API destination via the AWS EventBridge console.

    May I have a reference to follow on this, please?
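
An added example, not part of the original thread and not AWS's own code: since the console refuses edits to a secret that EventBridge manages, this Python code changes the credential through the connection that owns the secret, using the EventBridge `UpdateConnection` API via boto3. It assumes the API destination's connection uses API key authorization and that the new key is kept in a separate secret you own and rotate yourself; the names `orders-api-connection` and `my-app/orders-api-key` are hypothetical.

```python
"""Rotate the API key of an EventBridge connection from a secret you own."""


def is_service_managed(sm, secret_id):
    """True when Secrets Manager reports an owning service for the secret."""
    return bool(sm.describe_secret(SecretId=secret_id).get("OwningService"))


def rotate_connection_api_key(events, sm, connection_name, source_secret_id):
    """Copy the current key from source_secret_id into the connection.

    Returns the connection state reported by UpdateConnection.
    """
    conn = events.describe_connection(Name=connection_name)
    if conn.get("AuthorizationType") != "API_KEY":
        raise ValueError("this example only handles API_KEY connections")

    # The source must be a secret you control; the secret EventBridge
    # created for the connection rejects direct modification.
    if source_secret_id == conn.get("SecretArn") or is_service_managed(sm, source_secret_id):
        raise ValueError("source secret is service-managed; use one you own")

    new_key = sm.get_secret_value(SecretId=source_secret_id)["SecretString"]
    header = conn["AuthParameters"]["ApiKeyAuthParameters"]["ApiKeyName"]

    # Hand the new value to EventBridge; never print or log new_key.
    resp = events.update_connection(
        Name=connection_name,
        AuthorizationType="API_KEY",
        AuthParameters={
            "ApiKeyAuthParameters": {"ApiKeyName": header, "ApiKeyValue": new_key}
        },
    )
    return resp["ConnectionState"]


if __name__ == "__main__":
    import boto3  # imported here so the functions can be exercised with stubs

    state = rotate_connection_api_key(
        boto3.client("events"),
        boto3.client("secretsmanager"),
        "orders-api-connection",  # hypothetical connection name
        "my-app/orders-api-key",  # hypothetical secret you own and rotate
    )
    print("connection state:", state)
```

The caller needs `events:DescribeConnection`, `events:UpdateConnection` and read access to the source secret.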
