Rotation lambda timing out but using Secrets Manager VPC Endpoint


I am attempting to get the automatic rotation lambda function to rotate secrets for an rds instance that lives on a VPC. All of my subnets are public and connected to IGWs. I have an rds instance with no public accessibility that I would like to rotate secrets for. I have placed the lambda function inside the VPC and created a VPC endpoint for the secrets manager.

When I run the rotation, it times out when attempting to access the secrets manager endpoint. Do I need to run the lambda function on a private subnet to avoid using the IGWs?

asked 4 years ago827 views
1 Answer

It ended up being security groups related. Since lambdas form ENIs with all combinations of security groups and subnets when inside a VPC, there needs to be a security group that allows an ENI between the VPC endpoint and the lambda.

answered 4 years ago
profile picture
reviewed 8 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions