Tags: amazon-web-services, aws-lambda, amazon-cloudwatch, aws-secrets-manager, amazon-cloudwatch-events

Configure a CloudWatch Events rule on a Secrets Manager event to trigger another Lambda function


I have set up AWS Secrets Manager, which contains my Redshift credentials. I have enabled secret rotation on my secret. I have used the sample code given by AWS to set up a Lambda function that gets the credentials, and have subscribed an SNS topic to the Lambda, which works fine.

I would like to set up an AWS CloudWatch Events rule so that whenever the rotation of the secret has succeeded, it triggers my Lambda function.

Upon reading the AWS documentation for monitoring my secrets: https://docs.aws.amazon.com/secretsmanager/latest/userguide/monitoring.html#monitoring_cloudwatch

I have configured the CloudTrail log files to be delivered to CloudWatch Logs.

I have then set up a CloudWatch Events rule with Secrets Manager as the service, event type "AWS API call events", and specific operation **RotationSucceeded**, which is described as a mechanism that notifies you of a successful rotation event.

[Screenshot: CloudWatch Events rule configuration]

However, when the secret rotation successfully occurs, the CloudWatch Events rule does not trigger the Lambda function I have set as the target.

What changes should I make so that the Lambda function is triggered every time the secret is successfully rotated in AWS Secrets Manager?


Solution

  • Posting the answer here:

    Upon doing more research:

    in order to set up an AWS CloudWatch Events rule that triggers my Lambda function whenever rotation of the secret has succeeded, you will need to reference the RotateSecret API. When the secret is rotated, this in turn triggers the Lambda function.

    RotateSecret replaces RotationSucceeded under "specific operations".

    I have attached the document below for more information:

    https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_RotateSecret.html
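The answer above as a worked example. This is added code, not from the original post or from AWS's sample rotation function: it holds the event pattern the console generates when you pick Secrets Manager, "AWS API Call via CloudTrail" and the RotateSecret operation, a small offline matcher so the rule can be checked against sample events before deploying it, and a target Lambda handler that re-validates the event it receives. The account ID, secret ARN, event IDs and timestamps in the sample events are constructed; the function and variable names are my own.

```python
import json
from typing import Any, Dict, Optional

# Event pattern for the CloudWatch Events / EventBridge rule, following the
# answer: match the RotateSecret API call that CloudTrail records, rather than
# the "RotationSucceeded" operation the question tried.
ROTATE_SECRET_RULE_PATTERN: Dict[str, Any] = {
    "source": ["aws.secretsmanager"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["secretsmanager.amazonaws.com"],
        "eventName": ["RotateSecret"],
    },
}


def pattern_matches(pattern: Dict[str, Any], event: Dict[str, Any]) -> bool:
    """Offline check of a rule pattern against an event.

    Implements only the subset of EventBridge matching the pattern above
    needs: every pattern key must be present in the event, a list means
    "any of these exact values", and a nested dict recurses.
    """
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not pattern_matches(expected, actual):
                return False
        elif actual not in expected:
            return False
    return True


def extract_secret_id(event: Dict[str, Any]) -> str:
    """Return the secretId from a RotateSecret CloudTrail event.

    The rule is the first filter, but the handler re-checks the event name
    (any principal with lambda:InvokeFunction can send it arbitrary JSON) and
    skips calls that CloudTrail recorded as failed: a rejected RotateSecret,
    e.g. AccessDeniedException, still produces a matching event with errorCode set.
    """
    detail = event.get("detail") or {}
    if detail.get("eventName") != "RotateSecret":
        raise ValueError("not a RotateSecret event: %r" % detail.get("eventName"))
    if detail.get("errorCode"):
        raise ValueError("RotateSecret call failed: %s" % detail["errorCode"])
    return detail["requestParameters"]["secretId"]


def lambda_handler(event: Dict[str, Any], context: Any = None) -> Dict[str, str]:
    """Entry point of the Lambda function that the rule targets."""
    secret_id = extract_secret_id(event)
    # Whatever depends on the new credentials happens here, e.g. refreshing a
    # Redshift connection pool. This example only reports what it would act on.
    print(json.dumps({"message": "secret rotated", "secretId": secret_id}))
    return {"status": "ok", "secretId": secret_id}


# Constructed sample events in the shape CloudWatch Events delivers CloudTrail
# records in; the account ID, ARN and IDs below are made up.
SECRET_ARN = "arn:aws:secretsmanager:us-east-1:123456789012:secret:redshift/prod-AbCdEf"


def _cloudtrail_event(event_name: str, error_code: Optional[str] = None) -> Dict[str, Any]:
    detail: Dict[str, Any] = {
        "eventVersion": "1.05",
        "eventSource": "secretsmanager.amazonaws.com",
        "eventName": event_name,
        "awsRegion": "us-east-1",
        "requestParameters": {"secretId": SECRET_ARN},
        "eventType": "AwsApiCall",
    }
    if error_code:
        detail["errorCode"] = error_code
    return {
        "version": "0",
        "id": "2f3a4b5c-0000-1111-2222-333344445555",
        "detail-type": "AWS API Call via CloudTrail",
        "source": "aws.secretsmanager",
        "account": "123456789012",
        "time": "2019-06-01T12:00:00Z",
        "region": "us-east-1",
        "resources": [],
        "detail": detail,
    }


SAMPLE_ROTATE_EVENT = _cloudtrail_event("RotateSecret")
SAMPLE_GET_VALUE_EVENT = _cloudtrail_event("GetSecretValue")
SAMPLE_DENIED_ROTATE_EVENT = _cloudtrail_event("RotateSecret", "AccessDeniedException")

if __name__ == "__main__":
    assert pattern_matches(ROTATE_SECRET_RULE_PATTERN, SAMPLE_ROTATE_EVENT)
    assert not pattern_matches(ROTATE_SECRET_RULE_PATTERN, SAMPLE_GET_VALUE_EVENT)
    print(lambda_handler(SAMPLE_ROTATE_EVENT))
```

Two things worth knowing when wiring this up: the rule only sees the call if CloudTrail is logging management events in that region, and RotateSecret is the call that starts a rotation, so the event records the request rather than the outcome. If the downstream work must only run against a completed rotation, have the handler confirm the new version before acting, for instance by reading the secret with GetSecretValue and checking that the version it returns is labelled AWSCURRENT.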