By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Is it possible to invoke a Lambda function in a different AWS account from Secrets Manager rotation?

0

We are trying to make our Lambda function a centralize kind of thing which can be invoked by a secrets manager from different accounts. So Lambda app can be used across multiple accounts for the automatic rotation of secrets.

Enter image description here Basically in this image, we want to select a lambda function that is deployed to a different account.

We have tried the steps below to achieve our goal but none of these have worked so far:

  1. Grant access across different AWS accounts using IAM roles and assume role.
  2. Add a resource based policy into function app

Note: Secrets manager and Lambda Function are in the same region.

Topics
ServerlessComputeSecurity, Identity, & Compliance
Tags
AWS LambdaAWS Secrets Manager
Language
English
rePost-User-Vernon
asked a year ago721 views
1 Answer
0

Perhaps, but it would be difficult from the management console.
I think we need to set up our own Lambda with IAM configured to rotate cross-accounts.
It would be a good idea not to enable auto-rotation on that screen, but to let Lambda in a separate account do all the rotation.

profile picture
EXPERT
Riku_Kobayashi
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content