Secrets Manager uses a Lambda function to rotate a secret. The Lambda function has a resource policy that allows Secrets Manager to invoke it. Secrets Manager calls the Lambda function by invoking an IAM execution role attached to the Lambda function. Permissions for the Lambda function are granted through the IAM execution role as inline policies. If you turn on rotation by using the Secrets Manager console, the Lambda function, resource policy, execution role, and execution role inline policies are created for you.
You can read up more here.
Can I rotate my secret every hour?asked 3 years ago
Minimal KMS permissions to copy a database snapshotasked 5 years ago
Using single Secret Manager for mutliple schema creds with password rotationasked 9 months ago
Dynamo DB consume from secretsmanagerasked 9 months ago
RDS MySQL "validate-password" setting in the parameter group questions?asked a month ago
How to connect MySQL database in nodeJS file.asked 2 years ago
AWS Data Pipeline Error : Access denied for user 'admin'@'172.31.89.157' (using password: YES)Accepted Answerasked 8 months ago
ssm secret password automation in awsasked a year ago
Rotate objects to normal?asked 2 years ago
What are the minimal MySQL grants required by SecretsManager to rotate a password?asked a year ago