The error message indicates that the role used by the lambda function doesn't have "secretsmanager:GetSecretValue" permission.
You may want to check the following:
- In the role attached to the Lambda function, check that the action "secretsmanager:GetSecretValue" is allowed for the Secrets Manager secret it is trying to access. Looking at the code snippet, this seems to be configured, but double-check. Here is a sample permission.

    ```json
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "secretsmanager:GetSecretValue",
          "Resource": "SecretARN"
        }
      ]
    }
    ```

- In Secrets Manager, check the resource policy attached to the secret. It should allow "secretsmanager:GetSecretValue". Here is a sample permission.

    ```json
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": { "AWS": "arn:aws:iam::123456789012:role/MyRole" },
          "Action": "secretsmanager:GetSecretValue",
          "Resource": "*"
        }
      ]
    }
    ```

- Finally, if the secret is encrypted using a KMS key, then the role attached to the Lambda function should also have "kms:Decrypt" permission.
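To make the checklist above concrete, here is an added example (not from the answer author or AWS) that runs the same three checks against a role policy document offline: does the policy allow `secretsmanager:GetSecretValue` on the secret's ARN, and, if a customer KMS key is involved, `kms:Decrypt` on that key. It goes slightly beyond the answer by honouring explicit `Deny` statements and `*`/`?` wildcards; the policy, secret ARN and key ARN are constructed sample values, and the evaluator is a deliberately simplified model (no `Condition`, `NotAction` or `NotResource`, case-sensitive matching).

```python
import fnmatch
import json

# Constructed sample inputs (not from the original post).
SECRET_ARN = "arn:aws:secretsmanager:us-east-1:123456789012:secret:db-creds-AbCdEf"
KMS_KEY_ARN = "arn:aws:kms:us-east-1:123456789012:key/00000000-0000-0000-0000-000000000000"

# Sample identity policy for the Lambda role: allows reading any secret
# whose name starts with "db-creds-" but grants no KMS permissions.
ROLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "secretsmanager:GetSecretValue",
     "Resource": "arn:aws:secretsmanager:us-east-1:123456789012:secret:db-creds-*"}
  ]
}""")


def _as_list(value):
    # IAM lets Action/Resource be a single string or a list; normalise to a list.
    return value if isinstance(value, list) else [value]


def policy_decision(policy, action, resource):
    """Simplified IAM evaluation: an explicit Deny wins, otherwise any
    matching Allow grants access, otherwise implicit deny."""
    allowed = False
    for stmt in policy.get("Statement", []):
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        # IAM wildcards (* and ?) follow shell-glob semantics closely enough here.
        matches = any(fnmatch.fnmatchcase(action, a) for a in actions) and any(
            fnmatch.fnmatchcase(resource, r) for r in resources
        )
        if not matches:
            continue
        if stmt.get("Effect") == "Deny":
            return "deny"
        allowed = True
    return "allow" if allowed else "implicit_deny"


def missing_permissions(policy, secret_arn, kms_key_arn=None):
    """Return the checks from the answer that the role policy fails.
    kms_key_arn is only needed when the secret uses a customer-managed key."""
    missing = []
    if policy_decision(policy, "secretsmanager:GetSecretValue", secret_arn) != "allow":
        missing.append("secretsmanager:GetSecretValue on " + secret_arn)
    if kms_key_arn and policy_decision(policy, "kms:Decrypt", kms_key_arn) != "allow":
        missing.append("kms:Decrypt on " + kms_key_arn)
    return missing
```

Running `missing_permissions(ROLE_POLICY, SECRET_ARN, KMS_KEY_ARN)` reports only the missing `kms:Decrypt`, which is exactly the third check in the list; for a secret under the default AWS-managed key, pass no key ARN.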
I could solve the issue. The issue was with my Java code. Previously I was using this line of code to create the SecretsManagerClient:

```java
var secretsManagerClient = SecretsManagerClient.create();
```

but using this piece of code solved the issue:

```java
SecretsManagerClient secretsManagerClient = SecretsManagerClient.builder()
        .region(region)
        .build();
```
Hi,
Is the RDS database in the same VPC? In that case you need a VPC interface endpoint to access it.
If it is in the same VPC, look at the security group setup.
A nice guide can be found here: https://repost.aws/knowledge-center/connect-lambda-to-an-rds-instance
Yes, RDS is in the same VPC as the Lambda function but in different subnets. I shall go through the link you shared and update you. Thanks!
alatech, but I am getting the error when accessing Secrets Manager itself.
Then I think you may need an interface endpoint for Secrets Manager, so that your Lambda in the VPC can access Secrets Manager secrets via PrivateLink.
See this: https://repost.aws/knowledge-center/lambda-secret-vpc
zafar_khan: 1. Yes, the policy is configured. I don't find any issue in it. 2. There is no resource policy defined. I see it is an optional field. 3. No encryption.
Ok. You can test the Lambda role permissions using the IAM Policy Simulator. See if it flags any issues. Refer to the link for details: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html
I have tried your solution. The issue is still pending; I am getting the same error. Since my Lambda is in a custom VPC, should this be an issue?