I'm trying to set up secretsmanager rotation and found these Lambda function examples here... but can't get these to work.
It seems like the tokens received by Lambda (event) don't match the tokens/VersionStages fetched when calling the secretsmanager API (describe_secret), so the function fails, raising an exception.
START RequestId: 869a3608-f930-43dd-9337-b71edc57f134 Version: $LATEST
EVENT_DATA: {'ClientRequestToken': 'AF585B8F-AA06-4EAB-8827-EFF43E6FD896', 'SecretId': 'arn:aws:secretsmanager:eu-west-1:passwd-WqYjGj', 'Step': 'createSecret'}
DESC_SECRET {'ARN': 'arn:aws:secretsmanager:eu-west-1:passwd-WqYjGj', 'Name': 'passwd', 'KmsKeyId': '41b10ffe-b86d-412f-8bb5-d63ba990e585', 'RotationEnabled': True, 'RotationLambdaARN': 'arn:aws:lambda:eu-west-1:XXX:function:rotate-secrets', 'RotationRules': {'AutomaticallyAfterDays': 90}, 'LastChangedDate': datetime.datetime(2019, 8, 5, 16, 18, 40, 344000, tzinfo=tzlocal()), 'Tags': [{'Key': 'Environment', 'Value': 'uat'}, {'Key': 'Owner', 'Value': 'terraformer'}, {'Key': 'Terraform', 'Value': 'true'}], 'VersionIdsToStages': {'AF585B8F-AA06-4EAB-8827-EFF43E6FD896': ['AWSPENDING']}, 'ResponseMetadata': {'RequestId': '75613522-63e9-42c3-999c-ba1d728f08e8', 'HTTPStatusCode': 200, 'HTTPHeaders': {'date': 'Mon, 05 Aug 2019 16:18:41 GMT', 'content-type': 'application/x-amz-json-1.1', 'content-length': '583', 'connection': 'keep-alive', 'x-amzn-requestid': '75613522-63e9-42c3-999c-ba1d728f08e8'}, 'RetryAttempts': 0}}
[ERROR] ResourceNotFoundException: An error occurred (ResourceNotFoundException) when calling the GetSecretValue operation: Secrets Manager can’t find the specified secret value for staging label: AWSCURRENT
Traceback (most recent call last):
  File "/var/task/lambda_function.py", line 61, in lambda_handler
    create_secret(service_client, arn, token)
  File "/var/task/lambda_function.py", line 88, in create_secret
    service_client.get_secret_value(SecretId=arn, VersionStage="AWSCURRENT")
  File "/var/runtime/botocore/client.py", line 320, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/var/runtime/botocore/client.py", line 623, in _make_api_call
    raise error_class(parsed_response, operation_name)
END RequestId: 869a3608-f930-43dd-9337-b71edc57f134
REPORT RequestId: 869a3608-f930-43dd-9337-b71edc57f134 Duration: 1039.40 ms Billed Duration: 1100 ms Memory Size: 128 MB Max Memory Used: 71 MB
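An offline check over the EVENT_DATA and DESC_SECRET values from the log above, added here as an example; it is not part of the original post or of the rotation function being run. The function name and finding strings are hypothetical, and the sample dicts are constructed from the logged values, trimmed to the fields the check reads.

```python
# Added example: pre-flight check for a Secrets Manager rotation event.
# check_rotation_state and its messages are hypothetical; the dict keys are
# the ones visible in the EVENT_DATA and DESC_SECRET lines of the log.

def check_rotation_state(event, metadata):
    """Return a list of problems that would make the rotation step fail."""
    token = event["ClientRequestToken"]
    versions = metadata.get("VersionIdsToStages", {})
    problems = []

    if not metadata.get("RotationEnabled"):
        problems.append("rotation is not enabled on the secret")

    stages = versions.get(token)
    if stages is None:
        problems.append("event token %s is not a version of the secret" % token)
    elif "AWSCURRENT" in stages:
        problems.append("event token is already AWSCURRENT; nothing to rotate")
    elif "AWSPENDING" not in stages:
        problems.append("event token is not staged as AWSPENDING")

    # The create_secret in the traceback reads the AWSCURRENT value first,
    # so a secret with no AWSCURRENT version fails at GetSecretValue.
    if not any("AWSCURRENT" in s for s in versions.values()):
        problems.append("no version carries AWSCURRENT; GetSecretValue "
                        "with VersionStage='AWSCURRENT' will find no value")
    return problems


# Constructed from the log in the post (only the fields used by the check).
EVENT = {
    "ClientRequestToken": "AF585B8F-AA06-4EAB-8827-EFF43E6FD896",
    "SecretId": "arn:aws:secretsmanager:eu-west-1:passwd-WqYjGj",
    "Step": "createSecret",
}
DESC_SECRET = {
    "RotationEnabled": True,
    "VersionIdsToStages": {
        "AF585B8F-AA06-4EAB-8827-EFF43E6FD896": ["AWSPENDING"],
    },
}

if __name__ == "__main__":
    for problem in check_rotation_state(EVENT, DESC_SECRET):
        print("FINDING:", problem)
```

On the logged values the only finding is the missing AWSCURRENT version; the event token itself is present and staged as AWSPENDING.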