Menu
I wrote a lambda function to access a database so the first step is to get secrets from AWS Secrets Manager. I have a private VPC as well as subnets, NAT Gateway, and security group associated with the lambda function. I also have secretsmanager.Secret.grantRead(lambda_exec_role) so the lambda should have access to Secrets Manager.
For some reason when I test it in API Gateway, I got "errno": "ETIMEDOUT" and "code": "NetworkingError" in CloudWatch. And from the printed log I had in the API, getting secrets was failed.
I also tried to add a VPC endpoint for Secrets Manager as in here, but still got the same error.
Appreciated if anyone here could help me with this or give some hints.
Many thanks!
911
AWS Lambda functions often need to access secrets, such as certificates, API keys, or database passwords. Storing secrets outside the function code in an external secrets manager helps to avoid exposing secrets in application source code.
In order to grant a Lambda function access to Secrets Manager, we have to attach an IAM policy to the function's execution role. The policy should grant permissions for all the Actions the function needs to perform on the secrets.
You can retrieve your secrets by using the console (https://console.aws.amazon.com/secretsmanager/ ) or the AWS CLI ( get-secret-value ). In applications, you can retrieve your secrets by calling GetSecretValue in any of the AWS SDKs. You can also call the HTTPS Query API directly.
I had trouve with a lambda getting secret content too.
They are several things you can try :
#1 Make sure you have permission to get the secret value, I'll give you mine for a working configuration :
#2 I had trouble too with my VPC and subnets. If misconfugred, you won't be able to call Secret Manager API.
Hoping it could help someone someday. :)
142
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
