feat(secretsmanager): Automatically grant permissions to rotation Lambda #14471

Merged


workeitel
Contributor

When you use the AWS Secrets Manager console to configure rotation for a
secret for one of the fully supported databases, the console configures
almost all parameters for you. But if you create a function or opt to do
anything manually for other reasons, you also might have to manually
configure the permissions for that part of the rotation.

https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions.html


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
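
The permissions this pull request concerns, as an added example (not code from the pull request or from aws-cdk): a TypeScript check of a rotation Lambda's execution-role policy against the Secrets Manager actions a rotation function calls on its secret. The type names, `auditRotationPolicy`, the ARN and both sample policies are constructed for illustration.

```typescript
// Added example, not aws-cdk code. ARNs and policies below are constructed.
type Statement = { Effect: string; Action: string | string[]; Resource: string | string[] };
type PolicyDocument = { Version: string; Statement: Statement[] };

// Actions the rotation function calls on the secret it rotates.
const SECRET_ACTIONS = [
  "secretsmanager:DescribeSecret",
  "secretsmanager:GetSecretValue",
  "secretsmanager:PutSecretValue",
  "secretsmanager:UpdateSecretVersionStage",
];
// GetRandomPassword is not tied to one secret, so it is granted on "*".
const ACCOUNT_ACTIONS = ["secretsmanager:GetRandomPassword"];

const asList = (v: string | string[]): string[] => (Array.isArray(v) ? v : [v]);
// IAM action patterns are case-insensitive and may contain "*" and "?".
function actionMatches(pattern: string, action: string): boolean {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  const source = "^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$";
  return new RegExp(source, "i").test(action);
}

// Returns findings; an empty list means the policy is complete and scoped.
// Resources are compared literally (no ARN wildcard expansion), Deny is ignored.
function auditRotationPolicy(doc: PolicyDocument, secretArn: string): string[] {
  const allows = doc.Statement.filter((s) => s.Effect === "Allow");
  const granted = (action: string, resource: string): boolean =>
    allows.some((s) => asList(s.Action).some((p) => actionMatches(p, action)) &&
      asList(s.Resource).indexOf(resource) !== -1);
  const findings: string[] = [];
  for (const action of SECRET_ACTIONS) {
    if (granted(action, "*")) findings.push(`over-broad: ${action} on "*"`);
    else if (!granted(action, secretArn)) findings.push(`missing: ${action}`);
  }
  for (const action of ACCOUNT_ACTIONS) {
    if (!granted(action, "*")) findings.push(`missing: ${action}`);
  }
  return findings;
}

const SECRET_ARN = "arn:aws:secretsmanager:us-east-1:111122223333:secret:example-db-AbCdEf";
const SCOPED: PolicyDocument = { Version: "2012-10-17", Statement: [
  { Effect: "Allow", Action: SECRET_ACTIONS, Resource: SECRET_ARN },
  { Effect: "Allow", Action: "secretsmanager:GetRandomPassword", Resource: "*" },
] };
const BROAD: PolicyDocument = { Version: "2012-10-17", Statement: [
  { Effect: "Allow", Action: "secretsmanager:*", Resource: "*" },
] };
console.log(auditRotationPolicy(SCOPED, SECRET_ARN), auditRotationPolicy(BROAD, SECRET_ARN));
```

The scoped policy yields no findings; the wildcard policy is reported as over-broad for each of the four secret-level actions.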


gitpod-io bot commented Apr 30, 2021

@github-actions github-actions bot added @aws-cdk/aws-lambda Related to AWS Lambda @aws-cdk/aws-secretsmanager Related to AWS Secrets Manager labels Apr 30, 2021
@nija-at nija-at removed the @aws-cdk/aws-lambda Related to AWS Lambda label May 6, 2021
@nija-at nija-at removed their assignment May 6, 2021
Contributor

@njlynch njlynch left a comment

Looks great, thanks! I'm really shocked this didn't already exist; perhaps no one has actually ever used the custom rotation function.

I think we can auto-detect the VPC permissions as well (and add a test specific to that); other than that, this looks great.

packages/@aws-cdk/aws-secretsmanager/README.md (outdated, resolved)
@njlynch njlynch added effort/small Small work item – less than a day of effort p1 labels May 7, 2021
njlynch previously approved these changes May 7, 2021
@mergify mergify bot dismissed njlynch’s stale review May 7, 2021 16:26

Pull request has been modified.

njlynch previously approved these changes May 10, 2021
@mergify mergify bot dismissed njlynch’s stale review May 10, 2021 14:04

Pull request has been modified.

@mergify
Contributor

mergify bot commented May 12, 2021

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject89A8053A-LhjRyN9kxr8o
  • Commit ID: 89c20d2
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify mergify bot merged commit 85e00fa into aws:master May 12, 2021
skinny85 added a commit to skinny85/aws-cdk that referenced this pull request May 25, 2021
mergify bot pushed a commit that referenced this pull request May 25, 2021
#14869)

…tation Lambda (#14471)"

This reverts commit 85e00fa

skinny85 added a commit that referenced this pull request May 26, 2021
@workeitel workeitel deleted the secretsmanager-lambda-rotate-permissions branch June 24, 2021 12:05
hollanddd pushed a commit to hollanddd/aws-cdk that referenced this pull request Aug 26, 2021
…bda (aws#14471)

hollanddd pushed a commit to hollanddd/aws-cdk that referenced this pull request Aug 26, 2021
Labels
@aws-cdk/aws-secretsmanager Related to AWS Secrets Manager effort/small Small work item – less than a day of effort p1