Accessing SecretsManager from Lambda Function in a VPC

• Set up VPC configuration for Lambda Function
• Create a Security Group for Lambda Function and associate it with the function
• Create an VPC Endpoint for Secrets Manager
• Create a policy with this permissions and attach it to the function's Execution Role

{  
    "Version": "2012-10-17",  
    "Statement": [  
        {  
            "Sid": "VisualEditor0",  
            "Effect": "Allow",  
            "Action": [  
                "secretsmanager:GetResourcePolicy",  
                "secretsmanager:GetSecretValue",  
                "secretsmanager:DescribeSecret",  
                "secretsmanager:ListSecretVersionIds"  
            ],  
            "Resource": "arn:aws:secretsmanager:region:account_id:secret:your-secret-arn"  
        }  
    ]  
}  

Sources:

• https://repost.aws/knowledge-center/lambda-secret-vpc
• https://docs.aws.amazon.com/secretsmanager/latest/userguide/vpc-endpoint-overview.html
• https://docs.aws.amazon.com/vpc/latest/privatelink/create-interface-endpoint.html#create-interface-endpoint-aws

Unknown (2023-09-25 16:35:27)
#aws #lambda #secretsmanager #vpc