While testing for rotating secret through Lambda function
This is my Lambda function (https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/blob/master/SecretsManagerRotationTemplate/lambda_function.py). When I am testing with
```json
{"arn":"writing arn from secret",
"token":"any random 32 digit number",
"step":"testsecret"}
```
it gives this error:
```json
{
"errorMessage": "'SecretId'",
"errorType": "KeyError",
"requestId": "########",
"stackTrace": [
" File \"/var/task/lambda_function.py\", line 24, in lambda_handler\n arn = event['SecretId']\n"
]
}
```
Solution 1:[1]
This may happen due to three reasons:
- The existing password in Secrets Manager does not match the DB password. (When the Lambda function tries to authenticate to the database, it should match the existing password so that it can authenticate and update the password.) You can find the CloudWatch logs as follows:
  ```
  [ERROR] 2022-03-03T12:05:24.178Z 1a39a205-36f5-XXXX-XXXX-XXXXXXX setSecret: Unable to log into database with previous, current, or pending secret of secret arn arn:aws:secretsmanager:eu-west-2:XXXXXXXXXXX:secret:XYZXXXXXXXXXXXXX
  ```
- The DB security group should allow the Lambda function to access the DB instance (create an inbound rule with the Lambda SG as source and the DB port).
- Verify you have connectivity to the Secrets Manager API (your NAT gateway should have access to the Secrets Manager API endpoint) and an endpoint with service name com.amazonaws.eu-west-2.secretsmanager / endpoint type Interface. Also verify the region in which the Lambda function is executed.
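
The stack trace in the question shows the handler reading `event['SecretId']`, and the linked template also reads `event['ClientRequestToken']` and `event['Step']`. The following is an added example, not part of the original question or answer and not AWS's code: a local pre-flight check that reports why a test event of the question's shape cannot be read and builds the corrected event. The alias table, function names and sample values are assumptions made for illustration.

```python
# Added example: pre-flight check for a rotation test event (not AWS's code).
REQUIRED_KEYS = ("SecretId", "ClientRequestToken", "Step")  # keys the template's handler reads
VALID_STEPS = ("createSecret", "setSecret", "testSecret", "finishSecret")
# Assumption: alias table built from the wrong key names used in the question.
ALIASES = {"arn": "SecretId", "token": "ClientRequestToken", "step": "Step"}

# Constructed sample input shaped like the question's test event (placeholder ARN and token).
QUESTION_EVENT = {
    "arn": "arn:aws:secretsmanager:eu-west-2:111122223333:secret:example-AbCdEf",
    "token": "0123456789abcdef0123456789abcdef",
    "step": "testsecret",
}


def check_rotation_event(event):
    """Return a list of problems; an empty list means the handler can read the event."""
    problems = []
    by_lower = {k.lower(): k for k in event}
    for key in REQUIRED_KEYS:
        if key in event:
            continue
        # Prefer a known alias, then fall back to a key that differs only in case.
        guess = next((a for a, t in ALIASES.items() if t == key and a in event), None)
        guess = guess or by_lower.get(key.lower())
        problems.append(f"missing '{key}'" + (f" (found '{guess}', rename it)" if guess else ""))
    step = event.get("Step")
    if step is not None and step not in VALID_STEPS:
        near = next((s for s in VALID_STEPS if s.lower() == str(step).lower()), None)
        problems.append(f"invalid Step '{step}'" + (f" (did you mean '{near}'?)" if near else ""))
    return problems


def normalize_rotation_event(event):
    """Rename known aliases and fix step casing; raise ValueError if problems remain."""
    fixed = {ALIASES.get(k, k): v for k, v in event.items()}
    step = str(fixed.get("Step", ""))
    fixed["Step"] = next((s for s in VALID_STEPS if s.lower() == step.lower()), step)
    problems = check_rotation_event(fixed)
    if problems:
        raise ValueError("; ".join(problems))
    return fixed


if __name__ == "__main__":
    for p in check_rotation_event(QUESTION_EVENT):
        print("problem:", p)
    print(normalize_rotation_event(QUESTION_EVENT))
```

Step names are case-sensitive, so `testsecret` is reported even after the keys are renamed.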
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Peter Csala |
