Comments (6)
jbct
commented on August 19, 2024
Hi @BlueMaegi - when was this lambda deployed that began causing the issue? I just tried reproducing it myself and it's excluding the characters in a large character length password. Wondering if something else changed the password without the exclusion given this one hasn't ran since Nov 2023.
from aws-secrets-manager-rotation-lambdas.
BlueMaegi
commented on August 19, 2024
The lambda was created in May 2023 and has not been touched since. It was autogenerated the first time we spun up an RDS instance with SecretsManager rotation enabled. We've never "deployed" it from our own code.
My thought was to delete it, and tear down all the associated RDS instances to start from scratch. But we lack knowledge on what drives/creates the rotation lambdas to be sure that such a process would even work.
from aws-secrets-manager-rotation-lambdas.
jirkafajfr
commented on August 19, 2024
Could you please provide us with exact code that the rotation lambda is running?
Steps
- Navigate to the secret detail in AWS Secrets Manager console
- Select Rotation tab
- Click on the link below the Lambda rotation function section
- In the Function overview hit the Download button and select Download function code .zip
- Extract archive locally and please attach lambda_function.py to this issue.
from aws-secrets-manager-rotation-lambdas.
BlueMaegi
commented on August 19, 2024
On the rotation tab, it says the following:
"Amazon RDS (rds) manages rotation for this secret, so you don't need to choose a Lambda rotation function."
Regardless, I've attached the file from the autogenerated function, which is probably not running anymore.
from aws-secrets-manager-rotation-lambdas.
jirkafajfr
commented on August 19, 2024
There are actually two distinct concepts:
In your case the secret is rotated by RDS (managed rotation), but you're trying to change parameters of rotation lambda that is not being used (at least for secret you reference here).
from aws-secrets-manager-rotation-lambdas.
jirkafajfr
commented on August 19, 2024
@BlueMaegi the managed rotations doesn't allow user to specify criteria for a random password generation. If you really need control over the characters used in password you'll need to switch your secret to the rotation lambdas (away from managed rotation).
I'll close the ticket now, but feel free to re-open.
from aws-secrets-manager-rotation-lambdas.
Related Issues (20)
- Feature Request: Redshift Serverless Namespace admin user rotation HOT 2
- MySQL MultiUser lambda cannot rotate users with host different than default '%' HOT 3
- PostgreSQL SingleUser rotation, isn't working with RDS-Proxy HOT 1
- SecretsManagerRDSPostgreSQLRotationMultiUser doesn't support RDS Aurora Postgres HOT 1
- MultiUser rotations are incompatible with RDS Proxy HOT 12
- MySQL MultiUser Increase Username limit from 16 to 32 HOT 5
- secrets-manager automatic rotation for aws msk HOT 1
- SecretsManagerRDSMySQLRotationSingleUser error when require SSL HOT 4
- Name of IAM role not returned from AWS::SecretsManager::RotationSchedule HOT 1
- Aurora-mysql rotation fix HOT 1
- Update images to latest version of Python HOT 4
- Updating python enginefrom 3.7 to 3.11 Runtime.ImportModuleError HOT 3
- cx_Oracle has a major new release under a new name python-oracledb HOT 2
- MySQL and PostgreSQL support for aurora is inconsistent. HOT 2
- Secrets rotation fails for Oracle RDS with SSL or NNE HOT 4
- Cloud Formation Rotation type is missing for Elasticache Rotation Lambda HOT 1
- Getting cryptography' package is required while rotating secrets manager rds password HOT 5
- Include requirements.txt for each folder HOT 2
- SecretsManagerRDSMySQLRotationMultiUser through CloudFormation: KeyError 'masterarn' HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aws-secrets-manager-rotation-lambdas.