I am developing an AWS Lambda function using Python. When I directly use Python code in AWS Lambda to access the secrets manager, it works fine.
However, when I package the Lambda function code with dependencies, upload it as a zip file, and run it,
I am unable to retrieve the secret, and the execution times out. Why is this happening?
I have followed the instructions in this link,
set up the layer, and ensured that the role and VPC subnet are correctly configured.
=============================
After setting the environment variable PARAMETERS_SECRETS_EXTENSION_LOG_LEVEL = debug
Debug log:
[AWS Parameters and Secrets Lambda Extension] 2023/10/07 08:42:36 INFO Serving on port 2773
EXTENSION Name: AWSParametersAndSecretsLambdaExtension State: Ready Events: [INVOKE, SHUTDOWN]
START RequestId: da2cb206-3ecd-4d68-bc9e-da721a940c83 Version: $LATEST
begin lambda function run
[AWS Parameters and Secrets Lambda Extension] 2023/10/07 08:42:37 INFO ready to serve traffic
2023-10-07T08:43:07.233Z da2cb206-3ecd-4d68-bc9e-da721a940c83 Task timed out after 30.04 seconds
END RequestId: da2cb206-3ecd-4d68-bc9e-da721a940c83
REPORT RequestId: da2cb206-3ecd-4d68-bc9e-da721a940c83 Duration: 30039.07 ms Billed Duration: 30000 ms Memory Size: 128 MB Max Memory Used: 80 MB Init Duration: 661.31 ms
And the Python Lambda function code is:
import json
import urllib.parse
import boto3
import gzip
import io
import os
import datetime
from datetime import datetime

def get_redshift_credentials():
    try:
        secrets_manager_client = boto3.client('secretsmanager')
        response = secrets_manager_client.get_secret_value(SecretId='this is MY ARN')
        secret_string = response['SecretString']
        secret_data = json.loads(secret_string)
        host = secret_data['host']
        port = secret_data['port']
        dbname = secret_data['dbName']
        user = secret_data['username']
        password = secret_data['password']
        cached_redshift_credentials = (host, port, dbname, user, password)
        return cached_redshift_credentials
    except Exception as e:
        print(f"Error retrieving Redshift credentials: {str(e)}")
        raise

def lambda_handler(event, context):
    print("begin lambda function run")
    redshift_credentials = get_redshift_credentials()
    print(redshift_credentials)
Thank you for your answer. I am sure the role and VPC are configured correctly; with the same code, running Python directly in AWS Lambda can access Secrets Manager.
Okay, you can try to use the Lambda function environment variable PARAMETERS_SECRETS_EXTENSION_LOG_LEVEL with a value as debug to get a detailed log. This might help in debugging the issue. Also, could you please share some logs to assist you better?
OK, I posted the debug logs and Lambda code in the updated post.
Hi, I think you are using boto3.client('secretsmanager') in the Lambda code. Instead, you should make a "GET" request using "http". Since you have configured a layer "AWS Parameters and Secrets Lambda Extension", it is making requests to localhost port 2773. You can modify your Lambda code to be similar to the reference [1], it should work fine then. Please refer to this code: https://community.aws/posts/parameters-and-secrets-lambda-extension-with-python#add-our-lambda-code
Thank you, I resolved this question by using an HTTP request to get the secrets.
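The approach from the answer above, as an added example (not the poster's code or the linked article's): the handler asks the AWS Parameters and Secrets Lambda Extension on localhost for the secret instead of calling boto3, with a short timeout and without printing the password. `REDSHIFT_SECRET_ID` is an assumed environment variable name, and `SAMPLE_BODY` is a constructed response used only to show the parsing.

```python
import json
import os
import urllib.parse
import urllib.request

# Header the extension checks on each local request
TOKEN_HEADER = "X-Aws-Parameters-Secrets-Token"


def build_request(secret_id, session_token, port=2773):
    """Build the GET request for the extension's local Secrets Manager endpoint."""
    # URL-encode the id: a full ARN contains ':' characters
    query = urllib.parse.urlencode({"secretId": secret_id})
    url = f"http://localhost:{port}/secretsmanager/get?{query}"
    return urllib.request.Request(url, headers={TOKEN_HEADER: session_token})


def parse_credentials(body):
    """Extract the Redshift fields from the extension's JSON response."""
    secret = json.loads(json.loads(body)["SecretString"])
    return {k: secret[k] for k in ("host", "port", "dbName", "username", "password")}


def get_redshift_credentials(secret_id, timeout=5):
    port = int(os.environ.get("PARAMETERS_SECRETS_EXTENSION_HTTP_PORT", "2773"))
    request = build_request(secret_id, os.environ["AWS_SESSION_TOKEN"], port)
    # Short timeout: raise an error instead of hanging until the Lambda timeout
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return parse_credentials(response.read())


def lambda_handler(event, context):
    # REDSHIFT_SECRET_ID is an assumed environment variable holding the secret ARN
    creds = get_redshift_credentials(os.environ["REDSHIFT_SECRET_ID"])
    # Log only non-sensitive fields; never print the password
    print(f"Loaded credentials for {creds['username']}@{creds['host']}:{creds['port']}")
    return {"statusCode": 200}


# Constructed sample of the response body shape (not real data)
SAMPLE_BODY = json.dumps({"SecretString": json.dumps({
    "host": "example.invalid", "port": 5439, "dbName": "dev",
    "username": "demo", "password": "not-a-real-password"})})
```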