I'm following this document to configure the credential rotation, but I got this error:
Fail to rotate the secret "xxxxxxxx"
Secrets Manager cannot invoke the specified Lambda function. Ensure that the function policy grants access to the principal secretsmanager.amazonaws.com
I'm using the developer role instead of a root user. I'm just wondering how I can resolve this issue and enable the rotation?
I have a potential solution: maybe I can create a Lambda function manually and select 'Use an existing Lambda function to perform rotation' in Secrets Manager? But I feel like I will probably still get the same permission issue. Any suggestions will be appreciated.
You need to grant Secrets Manager permission to invoke the policy - See https://aws.amazon.com/premiumsupport/knowledge-center/lambda-function-secrets-manager/
'Grant Secrets Manager permission to call the function on your behalf'
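The check and grant behind that error message, as an added example that is not part of the original thread: it inspects a rotation function's resource policy for a statement letting `secretsmanager.amazonaws.com` call `lambda:InvokeFunction` and adds one only if it is missing. Assumptions: `client` is a `boto3.client("lambda")`, the statement ID is an arbitrary label, the sample policies are constructed, and the calling role itself needs `lambda:GetPolicy` and `lambda:AddPermission` on the function.

```python
import json

PRINCIPAL = "secretsmanager.amazonaws.com"
ACTION = "lambda:InvokeFunction"

# Constructed sample policies in the shape returned by get_policy()["Policy"].
SAMPLE_MISSING = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "s3", "Effect": "Allow", "Principal": {"Service": "s3.amazonaws.com"},
     "Action": "lambda:InvokeFunction", "Resource": "arn:aws:lambda:EXAMPLE"}]})
SAMPLE_GRANTED = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "sm", "Effect": "Allow",
     "Principal": {"Service": ["secretsmanager.amazonaws.com"]},
     "Action": ["lambda:InvokeFunction"], "Resource": "arn:aws:lambda:EXAMPLE"}]})


def as_list(value):
    """IAM policy fields may be a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def allows_secretsmanager(policy_json):
    """True if a statement explicitly allows the Secrets Manager service
    principal to invoke the function."""
    for stmt in as_list(json.loads(policy_json).get("Statement", [])):
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):
            continue  # e.g. "*"; not an explicit service grant
        services = as_list(principal.get("Service", []))
        actions = as_list(stmt.get("Action", []))
        if (stmt.get("Effect") == "Allow" and PRINCIPAL in services
                and any(a in (ACTION, "lambda:*") for a in actions)):
            return True
    return False


def ensure_invoke_permission(client, function_name,
                             statement_id="SecretsManagerAccess"):
    """Add the missing statement. Returns True if the policy was changed."""
    try:
        policy = client.get_policy(FunctionName=function_name)["Policy"]
    except client.exceptions.ResourceNotFoundException:
        policy = '{"Statement": []}'  # function has no resource policy yet
    if allows_secretsmanager(policy):
        return False
    # Scope: only the Secrets Manager service principal, only the invoke action.
    client.add_permission(FunctionName=function_name, StatementId=statement_id,
                          Action=ACTION, Principal=PRINCIPAL)
    return True
```
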