Testing Rotating Secret through lambda Testing

Time:11-14

Using this as the Lambda function: https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/blob/master/SecretsManagerRotationTemplate/lambda_function.py and giving the parameters as:

{
    "SecretId": "giving arn",
    "ClientRequestToken":"giving random 32 digit number",
    "Step":"testsecret"
  
}

Giving Error:

{
  "errorMessage": "'SECRETS_MANAGER_ENDPOINT'",
  "errorType": "KeyError",
  "requestId": "##",
  "stackTrace": [
    "  File \"/var/task/lambda_function.py\", line 17, in lambda_handler\n    service_client = boto3.client('secretsmanager', endpoint_url=os.environ['SECRETS_MANAGER_ENDPOINT'])\n",
    "  File \"/var/lang/lib/python3.9/os.py\", line 679, in __getitem__\n    raise KeyError(key) from None\n"
  ]
}

Function Logs
START RequestId: ####### Version: $LATEST
[ERROR] KeyError: 'SECRETS_MANAGER_ENDPOINT'
Traceback (most recent call last):
  File "/var/task/lambda_function.py", line 17, in lambda_handler
    service_client = boto3.client('secretsmanager', endpoint_url=os.environ['SECRETS_MANAGER_ENDPOINT'])
  File "/var/lang/lib/python3.9/os.py", line 679, in __getitem__
    raise KeyError(key) from None
END RequestId:########
REPORT RequestId: #### Duration: 13.10 ms   Billed Duration: 14 ms  Memory Size: 128 MB Max Memory Used: 52 MB  Init Duration: 251.10 ms

CodePudding user response:

You should add the missing variable to the Lambda environment parameters, with a key/value that references the secretsmanager endpoint in YOUR region, like:

SECRETS_MANAGER_ENDPOINT: https://secretsmanager.us-east-1.amazonaws.com

The necessary changes also need to be made to the Lambda policy, as per this article: https://aws.amazon.com/blogs/security/how-to-rotate-your-twitter-api-key-and-bearer-token-automatically-with-aws-secrets-manager/

Otherwise you'll get an error like this:

Function Logs
START RequestId: e1410eca-142f-4900-8af3-0bcf0435488a Version: $LATEST
[INFO]  2021-11-13T05:39:03.320Z    e1410eca-142f-4900-8af3-0bcf0435488a    Found credentials in environment variables.
[ERROR] ClientError: An error occurred (AccessDeniedException) when calling the DescribeSecret operation: User: arn:aws:sts::995149706792:assumed-role/rotate_secret_rcloneconfig-role-namt8fbc/rotate_secret_rcloneconfig is not authorized to perform: secretsmanager:DescribeSecret on resource: arn:aws:secretsmanager:us-east-1:995149706792:secret:rclonechina-5lPcTT because no identity-based policy allows the secretsmanager:DescribeSecret action
Traceback (most recent call last):
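
As an added example (not part of the original answer or of the AWS sample code): an offline pre-flight that checks a test event, the function's environment and the role's policy for the two failures shown above before the Lambda is invoked. The step names and the action list follow the AWS rotation template; the ARN, token and policy are constructed, `SecretId` is assumed to be a full ARN, and policy evaluation is simplified to Allow statements.

```python
# Added example (not the AWS sample's code): offline pre-flight for a manual
# rotation test. Policy evaluation is simplified: Allow statements only, no
# Deny / NotAction / Condition handling.
from fnmatch import fnmatchcase

# Steps dispatched by the rotation template; the comparison is case-sensitive.
STEPS = {"createSecret", "setSecret", "testSecret", "finishSecret"}
# Secrets Manager actions a rotation function needs on the secret itself.
SECRET_ACTIONS = ["secretsmanager:DescribeSecret", "secretsmanager:GetSecretValue",
                  "secretsmanager:PutSecretValue",
                  "secretsmanager:UpdateSecretVersionStage"]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def allowed(policy, action, resource):
    """True if some Allow statement covers action on resource (IAM-style wildcards)."""
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        acts = [a.lower() for a in _as_list(stmt.get("Action", []))]  # actions ignore case
        ress = _as_list(stmt.get("Resource", []))
        if any(fnmatchcase(action.lower(), a) for a in acts) and \
           any(fnmatchcase(resource, r) for r in ress):
            return True
    return False


def preflight(event, environ, policy):
    """Return a list of problems that would make the test invocation fail."""
    problems = []
    if not environ.get("SECRETS_MANAGER_ENDPOINT"):
        problems.append("env: SECRETS_MANAGER_ENDPOINT is not set")
    if event.get("Step") not in STEPS:
        problems.append("event: Step %r is not a rotation step" % event.get("Step"))
    for action in SECRET_ACTIONS:
        if not allowed(policy, action, event.get("SecretId", "")):
            problems.append("iam: %s not allowed on the secret" % action)
    return problems


# Constructed sample: placeholder account id, secret name and token.
ARN = "arn:aws:secretsmanager:us-east-1:111122223333:secret:example-AbCdEf"
EVENT = {"SecretId": ARN, "ClientRequestToken": "0" * 32, "Step": "testsecret"}
POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": ARN,
    "Action": ["secretsmanager:GetSecretValue", "secretsmanager:Put*"]}]}

if __name__ == "__main__":
    for problem in preflight(EVENT, {}, POLICY):
        print(problem)
```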