aws-samples / aws-iam-access-key-auto-rotation

This set of CloudFormation templates and Python scripts will set up an auto-rotation function that will automatically rotate your AWS IAM User Access Keys every 90 days.
MIT No Attribution

Issue with lambda code and secrets manager #6

Closed sidharthsinghcfins closed 3 years ago

sidharthsinghcfins commented 3 years ago

Issue 1: This function seems to update Secrets Manager only in plaintext format, not in key pair format.

Issue 2: If there is already an entry for the user as a key-value pair in Secrets Manager (let's say when the user is created via CF and updated to SM), those keys are not updated at all.

In both scenarios the keys get rotated and I get a notification, but there is no key update in Secrets Manager. I can confirm there is a gap in the code and it is partially running to even test for test scenarios. The gap in this solution is the implementation and how the console or AWS handles secrets in JSON format.
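The two cases raised in this comment (a value stored as plaintext, and an existing key/value entry that has to be updated) are covered by the added example below, which is not code from this repository. It builds the JSON `SecretString` that would be passed to boto3's `put_secret_value`; the field names `AccessKey` and `SecretKey` and all sample values are assumptions.

```python
import json

# Hypothetical field names; the repository's real secret layout is not shown on this page.
KEY_ID_FIELD = "AccessKey"
SECRET_FIELD = "SecretKey"


def build_secret_string(existing, access_key_id, secret_access_key):
    """Return a JSON object string holding the rotated key pair.

    existing is the current SecretString, or None if the secret has no value.
    Other fields of an existing JSON object are kept. A plaintext or
    non-object value cannot be merged, so it is replaced.
    """
    fields = {}
    if existing:
        try:
            parsed = json.loads(existing)
        except json.JSONDecodeError:
            parsed = None  # existing value is plaintext, not JSON
        if isinstance(parsed, dict):
            fields = dict(parsed)
    fields[KEY_ID_FIELD] = access_key_id
    fields[SECRET_FIELD] = secret_access_key
    # A JSON object is what Secrets Manager treats as key/value pairs.
    return json.dumps(fields, sort_keys=True)


def rotated_fields(existing, access_key_id, secret_access_key):
    """Convenience wrapper returning the merged secret as a dict."""
    return json.loads(build_secret_string(existing, access_key_id, secret_access_key))


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    new_id, new_secret = "AKIAEXAMPLENEW", "constructed-new-secret"
    samples = {
        "key/value entry": '{"AccessKey": "AKIAEXAMPLEOLD", "SecretKey": "old", "Owner": "cf-stack"}',
        "plaintext entry": "AKIAEXAMPLEOLD:old",
        "empty secret": None,
    }
    for label, current in samples.items():
        # The returned string is the SecretString argument for put_secret_value.
        print(label, "->", build_secret_string(current, new_id, new_secret))
```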

aws-laura commented 3 years ago

FYI - this issue has been resolved with the v2 release.

secrets-manager-fix