aws-samples / aws-secrets-manager-rotation-lambdas

Contains Lambda functions to be used for automatic rotation of secrets stored in AWS Secrets Manager
MIT No Attribution

Aurora-mysql rotation fix #118

Closed GNUKalashnikov closed 11 months ago

GNUKalashnikov commented 1 year ago

Within this file: SecretsManagerRDSMySQLRotationSingleUser/lambda_function.py

I found a verification check that only supports mysql. From my testing, I found that changing from aurora-mysql to just mysql creates a functional password rotation for the aurora-mysql db.

Found on line 421:

    if 'engine' not in secret_dict or secret_dict['engine'] != 'mysql':
        raise KeyError("Database engine must be set to 'mysql' in order to use this rotation lambda")
    for field in required_fields:
        if field not in secret_dict:
            raise KeyError("%s key is missing from secret JSON" % field)

Proposed fix:

    if 'engine' not in secret_dict or (secret_dict['engine'] != 'mysql' and secret_dict['engine'] != 'aurora-mysql'):
        raise KeyError("Database engine must be set to 'mysql' in order to use this rotation lambda")
    for field in required_fields:
        if field not in secret_dict:
            raise KeyError("%s key is missing from secret JSON" % field)

This will allow for the verification to pass aurora-mysql.
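The engine check discussed above, written as a pre-rotation validator with an allow-list. This is an added example, not code from the issue or from the project. `validate_secret`, `SUPPORTED_ENGINES` and the contents of `REQUIRED_FIELDS` are assumptions (the issue does not show `required_fields`), and the sample secret is constructed.

```python
import json

# Assumption: the issue names only these two engine values.
SUPPORTED_ENGINES = frozenset({"mysql", "aurora-mysql"})
# Assumption: required_fields is not shown in the issue; illustrative keys.
REQUIRED_FIELDS = ("host", "username", "password")

# Constructed sample secret, shaped like the one the issue describes.
AURORA_SECRET = json.dumps({
    "engine": "aurora-mysql",
    "host": "db.example.internal",
    "username": "app_user",
    "password": "example-only",
})


def validate_secret(secret_string, supported_engines=SUPPORTED_ENGINES):
    """Return every problem found in a secret's JSON; an empty list means it passes.

    Messages name keys and the engine value only, never credential values,
    so they are safe to write to logs.
    """
    try:
        secret = json.loads(secret_string)
    except json.JSONDecodeError as exc:
        return ["secret is not valid JSON: %s" % exc.msg]
    if not isinstance(secret, dict):
        return ["secret JSON must be an object"]

    problems = []
    engine = secret.get("engine")
    if engine is None:
        problems.append("engine key is missing from secret JSON")
    elif not isinstance(engine, str) or engine not in supported_engines:
        # The message lists the accepted engines, so it stays accurate
        # when the allow-list grows.
        problems.append("engine %r is not one of %s"
                        % (engine, sorted(supported_engines)))
    for field in REQUIRED_FIELDS:
        if field not in secret:
            problems.append("%s key is missing from secret JSON" % field)
    return problems


if __name__ == "__main__":
    print(validate_secret(AURORA_SECRET))                         # passes
    print(validate_secret(AURORA_SECRET, frozenset({"mysql"})))   # mysql-only check
```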

crus-umich commented 11 months ago

Thank you for reaching out, we added the aurora engine types for the MySQL single user rotation lambda in the most recent PR.