By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Rotation lambda timing out but using Secrets Manager VPC Endpoint

0

I am attempting to get the automatic rotation lambda function to rotate secrets for an rds instance that lives on a VPC. All of my subnets are public and connected to IGWs. I have an rds instance with no public accessibility that I would like to rotate secrets for. I have placed the lambda function inside the VPC and created a VPC endpoint for the secrets manager.

When I run the rotation, it times out when attempting to access the secrets manager endpoint. Do I need to run the lambda function on a private subnet to avoid using the IGWs?

Topics
Security, Identity, & Compliance
Tags
AWS Secrets Manager
Language
English
justin1019
asked 5 years ago1K views
1 Answer
0

It ended up being security groups related. Since lambdas form ENIs with all combinations of security groups and subnets when inside a VPC, there needs to be a security group that allows an ENI between the VPC endpoint and the lambda.

justin1019
answered 5 years ago
profile picture
EXPERT
Antonio_Lagrotteria
reviewed 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content