Is it possible to map one secret password to another secret?


I have one secret for the RDS password, but I want to implement password rotation every week. I have tried that, but I have to modify all the keys and values which already exist, and it broke the application. So I am trying to create a new secret with password rotation and map that new password to the old secret. Tell me how I can achieve this. I have tried using a Lambda function but am getting an error. I have tried the Lambda code and IAM policies below, but I am still getting an error.

============================== Lambda code ------

import boto3
import json

def lambda_handler(event, context):
    # Initialize AWS Secrets Manager client
    secrets_manager_client = boto3.client('secretsmanager')

    # Retrieve Secret X
    secret_x_response = secrets_manager_client.get_secret_value(SecretId='arn:aws:secretsmanager:us-east-1:388429313303:secret:abc_secret-JwVdZX')
    secret_x_value = json.loads(secret_x_response['SecretString'])['password']

    # Perform any mapping or transformation
    # For example, you can concatenate a prefix to the password
    secret_y_value = 'mapped-prefix-' + secret_x_value

    # Store the mapped value in Secret Y
    # (the client call that took this SecretString argument is not present in the post)
    SecretString=json.dumps({'password': secret_y_value})

    return {
        'statusCode': 200,
        'body': json.dumps('Mapping complete!')
    }
=========== IAM policy -------------

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetSecretValue",
        "secretsmanager:CreateSecret"
      ],
      "Resource": [
        "arn:aws:secretsmanager:us-east-1:388429313303:secret:xyz_secret-EdyEFK"
      ]
    }
  ]
}

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "secretsmanager:DescribeSecret",
        "secretsmanager:GetSecretValue",
        "secretsmanager:PutSecretValue",
        "secretsmanager:UpdateSecretVersionStage"
      ],
      "Resource": "arn:aws:secretsmanager:us-east-1:388429313303:secret:abc_secret-JwVdZX"
    },
    {
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetRandomPassword"
      ],
      "Resource": "*"
    },
    {
      "Action": [
        "ec2:CreateNetworkInterface",
        "ec2:DeleteNetworkInterface",
        "ec2:DescribeNetworkInterfaces",
        "ec2:DetachNetworkInterface"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
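An added example, not code from the original post: one way to map a rotated password into an existing secret is to overwrite only the `password` key and leave every other key and value as it was. The secret identifiers are placeholders, and `sync_password` and `FakeSecretsManager` are hypothetical names introduced here; the fake client exists only so the merge logic can be run offline.

```python
import json


def sync_password(client, source_id, target_id, key="password"):
    """Copy one key from the rotated secret into the existing secret.

    Every other key/value in the target secret is left untouched.
    Returns True if a new version of the target secret was written.
    The secret value is never logged or returned.
    """
    source = json.loads(client.get_secret_value(SecretId=source_id)["SecretString"])
    target = json.loads(client.get_secret_value(SecretId=target_id)["SecretString"])

    if target.get(key) == source[key]:
        return False  # already in sync; do not create a redundant version

    target[key] = source[key]
    # The Lambda role needs secretsmanager:GetSecretValue on both secrets
    # and secretsmanager:PutSecretValue on the target secret.
    client.put_secret_value(SecretId=target_id, SecretString=json.dumps(target))
    return True


def lambda_handler(event, context):
    import boto3  # imported here so sync_password can be exercised offline

    client = boto3.client("secretsmanager")
    # Placeholder identifiers (assumptions): substitute the real secret ARNs.
    changed = sync_password(client, "<ROTATED_SECRET_ARN>", "<EXISTING_SECRET_ARN>")
    return {"statusCode": 200, "body": json.dumps({"updated": changed})}


class FakeSecretsManager:
    """In-memory stand-in for the Secrets Manager client (constructed data)."""

    def __init__(self, secrets):
        self.secrets = secrets
        self.writes = 0

    def get_secret_value(self, SecretId):
        return {"SecretString": self.secrets[SecretId]}

    def put_secret_value(self, SecretId, SecretString):
        self.secrets[SecretId] = SecretString
        self.writes += 1
```

The IAM statements for the function have to name both secrets: read access on the rotated one, read and write access on the existing one.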

1 Answer
