
Error: setSecret: Unable to log into database with previous, current, or pending secret when configuring credential rotation in AWS


I created a rotation Lambda manually using the MySQL template; after kicking off the rotation, it gave me this error:

[ERROR] ValueError: Unable to log into database with previous, current, or pending secret of secret

I found this solution and tried it, but it doesn't work (I'm not very sure about step 2 though, about where to store the 'latest RDS CA Bundle' file). What I did was put it in the folder, zip it again, and upload it to Lambda.


In addition, I don't know if I'm using the right Lambda template for rotation. What's the difference between 'Single user' and 'Multiple user'? I thought my secret only contains one user and one password, so I used the template for a single user. Is that correct?

I've spent a very long time on this whole rotation thing; this has already taken me way more time than I expected! Really exhausted... Can anyone help me... Thank you.


Solution

  • Make sure that your RDS instance and Lambda rotation function are in the same VPC and that your RDS instance allows access from your Lambda function. What you need is the following to ensure connectivity between your rotation Lambda and RDS:

    • Create a security group in the same VPC with no inbound rules and the default outbound rules, and assign it to the secrets rotation Lambda function.
    • White-list this newly created Lambda security group in the inbound rules of your RDS security group for port 3306.
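The two conditions in the answer (same VPC; RDS security group admits the Lambda's security group on the database port) can be checked before kicking off another rotation. The script below is an added example, not code from the question, the answer, or AWS. It takes dictionaries in the shapes that `aws lambda get-function-configuration`, `aws rds describe-db-instances` and `aws ec2 describe-security-groups` return, and reports what is missing. All IDs and rule sets in it are constructed sample data, so it runs offline and makes no AWS calls; to use it against a real account, feed it the real JSON instead of the sample.

```python
"""Preflight check for a Secrets Manager rotation Lambda's network path to RDS.

Added example (not part of the original post). Input shapes mirror the AWS
CLI / boto3 responses; the sample data below is constructed.
"""
from typing import Dict, List


def _port_in(perm: dict, port: int) -> bool:
    """True if one IpPermissions entry covers TCP `port` (or is all-traffic, "-1")."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def ingress_admits(sg: dict, source_sg: str, port: int) -> bool:
    """True if `sg` has an inbound rule on `port` whose source is the group `source_sg`."""
    return any(
        _port_in(p, port)
        and any(pair.get("GroupId") == source_sg for pair in p.get("UserIdGroupPairs", []))
        for p in sg.get("IpPermissions", [])
    )


def egress_allows(sg: dict, port: int) -> bool:
    """True if `sg` has any outbound rule covering `port` (the default egress rule is all traffic)."""
    return any(_port_in(p, port) for p in sg.get("IpPermissionsEgress", []))


def check_rotation_path(lambda_cfg: dict, db_instance: dict, sgs: Dict[str, dict]) -> List[str]:
    """Return a list of findings; an empty list means the path to RDS looks open.

    lambda_cfg: response of get-function-configuration for the rotation Lambda.
    db_instance: one entry of DBInstances from describe-db-instances.
    sgs: security groups keyed by GroupId, as returned by describe-security-groups.
    """
    findings: List[str] = []
    vpc_cfg = lambda_cfg.get("VpcConfig") or {}
    if not vpc_cfg.get("SubnetIds") or not vpc_cfg.get("SecurityGroupIds"):
        # A Lambda without a VpcConfig runs outside the VPC and cannot reach a private RDS endpoint.
        return ["rotation Lambda has no VpcConfig (subnets/security groups), so it is not in the RDS VPC"]
    rds_vpc = db_instance["DBSubnetGroup"]["VpcId"]
    if vpc_cfg.get("VpcId") != rds_vpc:
        findings.append(f"Lambda VPC {vpc_cfg.get('VpcId')} differs from RDS VPC {rds_vpc}")
    port = db_instance["Endpoint"]["Port"]
    rds_sg_ids = [g["VpcSecurityGroupId"] for g in db_instance["VpcSecurityGroups"]]
    for lambda_sg in vpc_cfg["SecurityGroupIds"]:
        if not egress_allows(sgs[lambda_sg], port):
            findings.append(f"{lambda_sg}: no outbound rule covers port {port}")
        if not any(ingress_admits(sgs[r], lambda_sg, port) for r in rds_sg_ids):
            findings.append(f"{lambda_sg} is not whitelisted on port {port} in RDS groups {rds_sg_ids}")
    return findings


# ---- constructed sample data (placeholder IDs, not real resources) ----
LAMBDA_CFG = {
    "FunctionName": "SecretsManagerRotation-example",
    "VpcConfig": {"VpcId": "vpc-0EXAMPLE", "SubnetIds": ["subnet-0aEXAMPLE"],
                  "SecurityGroupIds": ["sg-0lambdaEXAMPLE"]},
}
RDS_INSTANCE = {
    "DBSubnetGroup": {"VpcId": "vpc-0EXAMPLE"},
    "Endpoint": {"Address": "db.example.invalid", "Port": 3306},
    "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0rdsEXAMPLE", "Status": "active"}],
}


def sample_security_groups(whitelist_lambda: bool) -> Dict[str, dict]:
    """Lambda SG with no inbound and default outbound; RDS SG with or without the 3306 rule."""
    rds_ingress = [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                    "UserIdGroupPairs": [{"GroupId": "sg-0lambdaEXAMPLE"}]}] if whitelist_lambda else []
    allow_all = [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]
    return {
        "sg-0lambdaEXAMPLE": {"GroupId": "sg-0lambdaEXAMPLE", "VpcId": "vpc-0EXAMPLE",
                              "IpPermissions": [], "IpPermissionsEgress": allow_all},
        "sg-0rdsEXAMPLE": {"GroupId": "sg-0rdsEXAMPLE", "VpcId": "vpc-0EXAMPLE",
                           "IpPermissions": rds_ingress, "IpPermissionsEgress": allow_all},
    }


if __name__ == "__main__":
    for label, ok in (("correct setup", True), ("missing RDS inbound rule", False)):
        print(label, "->", check_rotation_path(LAMBDA_CFG, RDS_INSTANCE, sample_security_groups(ok)) or "OK")
```

With the correct setup the check returns no findings; with the inbound rule removed from the RDS group it names the Lambda security group that is not whitelisted on port 3306, which is the same condition that makes every login attempt in `setSecret` fail. The check only covers security groups; network ACLs and subnet routing are not evaluated.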