Is it possible to invoke a Lambda function in a different AWS account from Secrets Manager rotation?
We are trying to make our Lambda function a centralize kind of thing which can be invoked by a secrets manager from different accounts. So Lambda app can be used across multiple accounts for the automatic rotation of secrets.
We have tried the steps below to achieve our goal but none of these have worked so far:
- Grant access across different AWS accounts using IAM roles and assume role.
- Add a resource based policy into function app
Note: Secrets manager and Lambda Function are in the same region.
- 最新
- 投票最多
- 评论最多
Perhaps, but it would be difficult from the management console.
I think we need to set up our own Lambda with IAM configured to rotate cross-accounts.
It would be a good idea not to enable auto-rotation on that screen, but to let Lambda in a separate account do all the rotation.
相关内容
AWS 官方已更新 1 年前- AWS 官方已更新 2 年前
- AWS 官方已更新 1 年前
