Comments (13)
Fixed it with psycopg2, if people are still interested: https://github.com/0xSeb/aws_secrets_manager_psql_rotation_lambda
from aws-secrets-manager-rotation-lambdas.
The code in this repo is OK as far as Python 3.8 compatibility goes; the problem lies in the pg driver PyGreSQL and how it is compiled. If you download it from the Lambda site, it is compiled for Python 3.7. If you try to compile it yourself for Python 3.8 and try to use the PostgreSQL 12 or 13 client files, it gets really complicated, as the dependencies required and what's available on Lambda are not the same.
from aws-secrets-manager-rotation-lambdas.
Got it working using psycopg2.
I will leave this open so that someone at AWS can update the sample.
from aws-secrets-manager-rotation-lambdas.
Thank you for opening this issue. Currently the rotation AWS Lambda functions we vend only officially support Python 3.7, as noted in our public documentation. This is in part due to the fact that we build and package all the necessary dependencies, along with the function itself, in the Lambda deployment package. As it pertains to PostgreSQL, the specific client library we use is PyGreSQL. We have a similar feature request to upgrade the officially supported Python runtime in our vended rotation Lambdas, and by association the versions of client libraries used as well.
from aws-secrets-manager-rotation-lambdas.
+1 Yes, it looks like all the code was created in 2018; you can see it in the header of the scripts. I don't know if it will be updated.
from aws-secrets-manager-rotation-lambdas.
Yeah... that pg package is for OpenGL and installs pillow?
from aws-secrets-manager-rotation-lambdas.
Thank you for opening this issue - we are looking into it.
from aws-secrets-manager-rotation-lambdas.
Pillow happened to me when I tried to repackage lambda code from here into an independent layer using requirements.txt. DO NOT REFERENCE "PG" THERE. The proper name there is "PyGreSQL" which presents a "pg" module from PostgreSQL, not PIL/OpenGL. The default "pg" will break your lambdas.
I ran into this because I was forced to reimplement the public template using terraform because the serverlessrepo package for this does not allow the attachment of required permissions boundaries. If you want this fixed, please upvote #27
from aws-secrets-manager-rotation-lambdas.
Please get rid of pgdb and pg and just use psycopg2 or pg8000 as used by AWS Datawrangler.
Why are random libraries used in aws samples?
from aws-secrets-manager-rotation-lambdas.
Got it working using psycopg2.
I will leave this open so that someone at AWS can update the sample.
Could you please tell me the changes you made?
from aws-secrets-manager-rotation-lambdas.
You can do it with psycopg2, following the steps below:
First, build the Docker image, which prepares the Linux environment, using pip to download the precompiled library.

```dockerfile
FROM python:3.8 as py
# Pinned psycopg2-binary version, passed in with --build-arg
ARG PSYCOPG2_VER
RUN apt-get update && \
    apt-get install bison flex build-essential libpq-dev -y
WORKDIR /package/psycopg2
RUN python -m venv venv
# Install into /out_lib so the files can be copied out of the container
RUN . venv/bin/activate && \
    pip install psycopg2-binary==$PSYCOPG2_VER --target /out_lib
WORKDIR /
```

Then use docker cp to get the binary from the container and repackage it with the Lambda "handler.py":

```makefile
.PHONY: help build build-nc clean clean-image package
help: ## This help.
	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)

.DEFAULT_GOAL := package
APP_NAME = postgres_env
PSYCOPG2_VER = 2.9.3

# DOCKER TASKS
# Build the container
build: clean
	docker build -t $(APP_NAME) . --build-arg PSYCOPG2_VER=$(PSYCOPG2_VER)

## Build the container without caching
build-nc: clean
	docker build --no-cache -t $(APP_NAME) . --build-arg PSYCOPG2_VER=$(PSYCOPG2_VER)

clean:
	rm -rf out
	rm -rf deployment.zip

clean-image:
	docker rmi -f $(APP_NAME)

package: build
	mkdir -p out
	# docker create options must come before the image name
	$(eval CONTAINER_ID=$(shell docker create --name $(APP_NAME) $(APP_NAME)))
	docker cp $(CONTAINER_ID):/out_lib/. ./out
	docker rm $(CONTAINER_ID)
	cd out && zip -r ../deployment.zip .
	zip -g deployment.zip handler.py
```

Run make, and it will generate "deployment.zip", which you can upload to Lambda.
from aws-secrets-manager-rotation-lambdas.
We got stung by this earlier this week.
We updated our cloudformation stack (with no changes to the PG password rotation lambdas) and it appears that our lambda functions were auto-updated to 3.9?
I've no idea why the lambda functions were updated yet as there was no change to them. Still looking into that. However, there's also no way in the serverless template to be able to insist on 3.7.
I guess I'll need a CustomResource with a bit of python/javascript to keep those lambda functions at 3.7?
from aws-secrets-manager-rotation-lambdas.
In Q3/Q4 2022, Secrets Manager updated the python runtimes to v3.9. In certain circumstances, customers may have had a ZIP bundle that still included the 3.7 runtimes even though the Lambda runtime was updated to 3.9, causing some incompatibilities. We have exposed the Runtime attribute in the SAM template and have a blog available for impacted customers here: https://repost.aws/knowledge-center/secrets-manager-lambda-rotation. This particular issue has been resolved through documentation, so closing issue.
from aws-secrets-manager-rotation-lambdas.
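The mismatch described in this thread (a bundle carrying extension modules compiled for Python 3.7 while the function runs on a newer runtime) can be caught before upload by reading the ABI tags in the ZIP's file names. This is an added example, not code from the thread or from AWS; the function names are hypothetical and the sample bundle contents are constructed.

```python
import io
import re
import zipfile

# Matches CPython extension-module names such as
# "_pg.cpython-37m-x86_64-linux-gnu.so" and captures major/minor ("3", "7").
_EXT_RE = re.compile(r"\.cpython-(\d)(\d+)m?-[^/]*\.so$")


def runtime_to_version(runtime):
    """Turn a Lambda runtime identifier like 'python3.9' into (3, 9)."""
    m = re.fullmatch(r"python(\d+)\.(\d+)", runtime)
    if not m:
        raise ValueError(f"not a Python Lambda runtime: {runtime!r}")
    return int(m.group(1)), int(m.group(2))


def find_abi_mismatches(zip_bytes, runtime):
    """Return [(member_name, built_for_version)] for every compiled extension
    in the bundle that was built for a different CPython than `runtime`."""
    target = runtime_to_version(runtime)
    mismatches = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            m = _EXT_RE.search(name)
            if m is None:
                continue  # pure Python, data file, or a .so without a version tag
            built_for = (int(m.group(1)), int(m.group(2)))
            if built_for != target:
                mismatches.append((name, built_for))
    return sorted(mismatches)


def make_sample_bundle():
    """Constructed sample: a 3.7 PyGreSQL build next to a 3.9 psycopg2 build."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("lambda_function.py", "def lambda_handler(event, context): pass\n")
        zf.writestr("_pg.cpython-37m-x86_64-linux-gnu.so", b"\x7fELF")
        zf.writestr("psycopg2/_psycopg.cpython-39-x86_64-linux-gnu.so", b"\x7fELF")
    return buf.getvalue()


if __name__ == "__main__":
    for name, ver in find_abi_mismatches(make_sample_bundle(), "python3.9"):
        print(f"{name}: built for CPython {ver[0]}.{ver[1]}, runtime is python3.9")
```

Extension modules without a version tag in the file name are skipped, so an empty result only covers the tagged files.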