Rotation lambda timing out but using Secrets Manager VPC Endpoint

0

I am attempting to get the automatic rotation Lambda function to rotate secrets for an RDS instance that lives in a VPC. All of my subnets are public and connected to IGWs. I have an RDS instance with no public accessibility that I would like to rotate secrets for. I have placed the Lambda function inside the VPC and created a VPC endpoint for Secrets Manager.

When I run the rotation, it times out when attempting to access the Secrets Manager endpoint. Do I need to run the Lambda function on a private subnet to avoid using the IGWs?

Asked 4 years ago, 735 views
1 Answer
0

It ended up being security-group related. Since Lambdas form ENIs with all combinations of security groups and subnets when inside a VPC, there needs to be a security group that allows an ENI between the VPC endpoint and the Lambda.

Answered 4 years ago
Expert
Reviewed 5 months ago
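
The security-group path the answer describes can be checked offline, as in this added example (not code from the original thread or from AWS). It evaluates rule sets in the shape returned by EC2 `describe_security_groups` and assumes the endpoint is an interface endpoint reached over HTTPS (TCP 443); the group IDs, IP addresses and rules are constructed sample data.

```python
import ipaddress

HTTPS = 443  # assumption: Secrets Manager interface endpoint is reached over TCP 443

def _covers_port(perm, port):
    """True if an IpPermissions entry covers TCP `port` ("-1" means all traffic)."""
    if perm["IpProtocol"] == "-1":
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def _matches_peer(perm, peer_sg_id, peer_ip):
    """True if the rule references the peer's security group or an IPv4 CIDR holding its IP.
    IPv6 ranges and prefix lists are not evaluated in this sketch."""
    if any(p["GroupId"] == peer_sg_id for p in perm.get("UserIdGroupPairs", [])):
        return True
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", []))

def allows(perms, peer_sg_id, peer_ip, port=HTTPS):
    return any(_covers_port(p, port) and _matches_peer(p, peer_sg_id, peer_ip) for p in perms)

def diagnose(lambda_sg, endpoint_sg, lambda_ip, endpoint_ip):
    """Return findings; an empty list means Lambda ENI -> endpoint ENI on 443 is open.
    Security groups are stateful, so the reply direction needs no rule of its own."""
    findings = []
    if not allows(lambda_sg["IpPermissionsEgress"], endpoint_sg["GroupId"], endpoint_ip):
        findings.append("lambda egress blocks 443 to endpoint")
    if not allows(endpoint_sg["IpPermissions"], lambda_sg["GroupId"], lambda_ip):
        findings.append("endpoint ingress blocks 443 from lambda")
    return findings

# Constructed sample data (hypothetical IDs and addresses)
LAMBDA_IP, ENDPOINT_IP = "10.0.1.25", "10.0.2.10"
LAMBDA_SG = {"GroupId": "sg-lambda-example", "IpPermissions": [],
             "IpPermissionsEgress": [{"IpProtocol": "-1",
                                      "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
# Endpoint group that only admits an unrelated subnet: rotation would time out
ENDPOINT_SG_BROKEN = {"GroupId": "sg-endpoint-example", "IpPermissionsEgress": [],
                      "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                                         "IpRanges": [{"CidrIp": "10.0.9.0/24"}]}]}
# Same group with an ingress rule that references the Lambda's security group
ENDPOINT_SG_FIXED = dict(ENDPOINT_SG_BROKEN, IpPermissions=[
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "UserIdGroupPairs": [{"GroupId": "sg-lambda-example"}]}])

if __name__ == "__main__":
    print(diagnose(LAMBDA_SG, ENDPOINT_SG_BROKEN, LAMBDA_IP, ENDPOINT_IP))
    print(diagnose(LAMBDA_SG, ENDPOINT_SG_FIXED, LAMBDA_IP, ENDPOINT_IP))
```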
