I have created a Lambda function which I intend to serve as a secret rotation function to be used by Secrets Manager, but when I try to add this function as a rotation function in Secrets Manager I get the error "Secrets Manager cannot invoke the specified lambda function. Ensure that the function policy grants access to the principal secretsmanager.amazonaws.com". I have already allowed Secrets Manager to invoke the function in the function's resource-based policy; this is what I have defined:
{
    "Version": "2012-10-17",
    "Id": "default",
    "Statement": [
        {
            "Sid": "Secret-Manager-Access-To-fun_SSH-function",
            "Effect": "Allow",
            "Principal": {
                "Service": "secretsmanager.amazonaws.com"
            },
            "Action": "lambda:Invoke",
            "Resource": "arn:aws:lambda:us-east-1:296808031351:function:fun_ssh"
        }
    ]
}
I am unable to understand what I am missing. How do I get this to work?
TIA
A reason could be that you use an incorrect action: lambda:Invoke.

The correct action for invoking a Lambda function is lambda:InvokeFunction.
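To make the answer checkable before you hit the console error again, here is an added example (written for this page, not code from the question or the answer above) that inspects a Lambda resource-based policy the way the Secrets Manager check effectively does: it looks for an Allow statement whose principal is secretsmanager.amazonaws.com, whose resource covers the function ARN, and whose action actually matches lambda:InvokeFunction (IAM action strings are case-insensitive and may contain wildcards, so lambda:Invoke* would pass while the bare lambda:Invoke does not). It also produces a corrected copy of the policy with the action fixed and an optional aws:SourceAccount condition, which limits the grant to secrets in your own account. The policy embedded below is a constructed copy of the one in the question with a placeholder account id; function and variable names are my own.

```python
import copy
import fnmatch
import json

# Constructed sample: the poster's policy with the account id replaced by a placeholder.
POLICY_AS_POSTED = json.loads("""
{
  "Version": "2012-10-17",
  "Id": "default",
  "Statement": [
    {
      "Sid": "Secret-Manager-Access-To-fun_SSH-function",
      "Effect": "Allow",
      "Principal": {"Service": "secretsmanager.amazonaws.com"},
      "Action": "lambda:Invoke",
      "Resource": "arn:aws:lambda:us-east-1:111111111111:function:fun_ssh"
    }
  ]
}
""")

FUNCTION_ARN = "arn:aws:lambda:us-east-1:111111111111:function:fun_ssh"
ROTATION_PRINCIPAL = "secretsmanager.amazonaws.com"
REQUIRED_ACTION = "lambda:InvokeFunction"


def _as_list(value):
    """IAM lets Action, Resource and Principal.Service be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    """IAM action matching: case-insensitive, with '*' and '?' wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def _targets_rotation_service(stmt):
    principal = stmt.get("Principal")
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return ROTATION_PRINCIPAL in _as_list(principal.get("Service"))
    return False


def grants_rotation_invoke(policy, function_arn):
    """Return (ok, reasons): can secretsmanager.amazonaws.com invoke function_arn under this policy?"""
    reasons = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or not _targets_rotation_service(stmt):
            continue
        if not any(fnmatch.fnmatchcase(function_arn, r) for r in _as_list(stmt.get("Resource"))):
            continue
        actions = _as_list(stmt.get("Action"))
        if any(_action_matches(a, REQUIRED_ACTION) for a in actions):
            return True, []
        sid = stmt.get("Sid", "<no Sid>")
        reasons.append(f"statement {sid!r} grants {actions} but rotation needs {REQUIRED_ACTION}")
    if not reasons:
        reasons.append(f"no Allow statement for {ROTATION_PRINCIPAL} on {function_arn}")
    return False, reasons


def fixed_policy(policy, source_account=None):
    """Copy of the policy with the bare lambda:Invoke corrected and, optionally, a SourceAccount condition."""
    fixed = copy.deepcopy(policy)
    for stmt in _as_list(fixed.get("Statement")):
        if stmt.get("Effect") != "Allow" or not _targets_rotation_service(stmt):
            continue
        actions = [REQUIRED_ACTION if a.lower() == "lambda:invoke" else a for a in _as_list(stmt.get("Action"))]
        stmt["Action"] = actions[0] if len(actions) == 1 else actions
        if source_account:
            # Restricts the grant to secrets owned by this account (confused-deputy mitigation).
            stmt.setdefault("Condition", {}).setdefault("StringEquals", {})["aws:SourceAccount"] = source_account
    return fixed


if __name__ == "__main__":
    ok, why = grants_rotation_invoke(POLICY_AS_POSTED, FUNCTION_ARN)
    print("policy as posted:", "OK" if ok else "REJECTED", why)
    corrected = fixed_policy(POLICY_AS_POSTED, source_account="111111111111")
    print("corrected policy:", grants_rotation_invoke(corrected, FUNCTION_ARN))
    print(json.dumps(corrected, indent=2))
```

Run it as a script to see the posted policy rejected with the reason and the corrected policy accepted. To apply the corrected grant to a real function from the CLI, `aws lambda add-permission` with `--action lambda:InvokeFunction`, `--principal secretsmanager.amazonaws.com`, a `--statement-id`, and `--source-account <your account id>` produces the same statement without hand-editing JSON.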