On AWS secret creation I want to configure the secret to use a Lambda function to rotate the password, and pass the parameters for the rotation. In C# it is:

    var response = client.RotateSecret(new RotateSecretRequest
    {
        RotationLambdaARN = "arn:aws:lambda:us-west-2:123456789012:function:MyTestDatabaseRotationLambda",
        RotationRules = new RotationRulesType { AutomaticallyAfterDays = 30 },
        SecretId = "MyTestDatabaseSecret"
    });

How do I pass a payload/parameter to MyTestDatabaseRotationLambda? This is to use the same rotation function for all secret managers.

  • Doesn't the documentation say "No, you can't"? https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-lambda-function-overview.html Secrets Manager invokes the Lambda function with the following JSON request structure of parameters: { "Step" : "request.type", "SecretId" : "string", "ClientRequestToken" : "string" } – Oguz Ozgul Mar 16 '20 at 17:38
  • Thanks for pointing me to that part of the documentation, I overlooked it; I assumed Lambda was more flexible in that regard. So knowing that, in what cases would someone create a secret manager and configure a Lambda for rotation? Such a Lambda has to be hardcoded with the DB and secret to rotate/update, right? – Elbano Marquez Mar 16 '20 at 19:53
  • Unfortunately, AWS is not something I am specialized in. I am not able to give you a good answer so I prefer not to, and maybe you should ask this as another question? (Or check if someone had already gone through the same path?) – Oguz Ozgul Mar 16 '20 at 20:22
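
Added example (not part of the original question or its comments, and in Python rather than C#): a sketch of one rotation handler shared by many secrets, driven only by the `Step`, `SecretId` and `ClientRequestToken` fields quoted above. It assumes each secret stores its own connection details as JSON (keys such as `host`, `username`, `password`), that `sm` is a boto3 `secretsmanager` client, and that `set_password` and `test_login` are hypothetical engine-specific callbacks; the sample ARN suffix and token are constructed.

```python
import json

# Constructed sample of the only input Secrets Manager sends to the function.
SAMPLE_EVENT = {"Step": "createSecret",
                "SecretId": "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-EXAMPLE",
                "ClientRequestToken": "constructed-token-0001"}

def make_handler(sm, set_password, test_login):
    """sm: a boto3 'secretsmanager' client. set_password(current, pending) and
    test_login(pending) are hypothetical, engine-specific callbacks."""
    def load(arn, stage, version=None):
        kw = {"SecretId": arn, "VersionStage": stage}
        if version:
            kw["VersionId"] = version
        return json.loads(sm.get_secret_value(**kw)["SecretString"])

    def handler(event, context):
        arn, token, step = event["SecretId"], event["ClientRequestToken"], event["Step"]
        if step == "createSecret":
            try:  # a retried invocation must not generate a second password
                load(arn, "AWSPENDING", token)
            except sm.exceptions.ResourceNotFoundException:
                new = load(arn, "AWSCURRENT")  # host, username, ... travel in the secret
                new["password"] = sm.get_random_password(
                    PasswordLength=32, ExcludePunctuation=True)["RandomPassword"]
                sm.put_secret_value(SecretId=arn, ClientRequestToken=token,
                                    SecretString=json.dumps(new), VersionStages=["AWSPENDING"])
        elif step == "setSecret":
            set_password(load(arn, "AWSCURRENT"), load(arn, "AWSPENDING", token))
        elif step == "testSecret":
            test_login(load(arn, "AWSPENDING", token))
        elif step == "finishSecret":
            stages = sm.describe_secret(SecretId=arn)["VersionIdsToStages"]
            old = next(v for v, s in stages.items() if "AWSCURRENT" in s)
            if old != token:  # promote the pending version to AWSCURRENT
                sm.update_secret_version_stage(SecretId=arn, VersionStage="AWSCURRENT",
                                               MoveToVersionId=token, RemoveFromVersionId=old)
        else:
            raise ValueError(f"unknown rotation step: {step}")
        return step
    return handler
```

Because nothing target-specific is hardcoded, the function's execution role should be scoped to exactly the secrets it is meant to rotate.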

0 Answers