Choose an AWS Lambda function - AWS Secrets Manager

Choose an AWS Lambda function


If you enable rotation, Secrets Manager immediately rotates the credentials in the secret once to validate the new configuration. Ensure that all of your applications that use these credentials are updated to retrieve the credentials from this secret using Secrets Manager.

To rotate a secret for a non-RDS database or for a custom secret type, you must create and configure an AWS Lambda function that rotates the secrets when triggered. The rotation function updates the credentials on the protected service and updates the secret to match. Your applications then immediately begin accessing the protected service by using the new credentials contained in the secret.

Choose the Lambda function that contains the code that can rotate your secret.

You can view or choose only functions for which both you and the Secrets Manager service have the lambda:InvokeFunction permission. Alternatively, if the function doesn’t exist yet, choose Create function to go to the AWS Lambda console to create the function. When you return to this window, choose the refresh button to see the new function in the list.
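One way to check that permission requirement before choosing a function, as an added example that is not part of the original AWS documentation: the script below inspects a Lambda resource-based policy document and reports which statements let Secrets Manager invoke the function. The service principal name, the function ARN and the sample policy are assumptions or constructed values not taken from this page; the check looks only at explicit service principals and does not evaluate Condition blocks.

```python
import json

# Secrets Manager service principal: a known AWS value, not stated on this page.
SECRETS_MANAGER_PRINCIPAL = "secretsmanager.amazonaws.com"
INVOKE_ACTION = "lambda:InvokeFunction"


def _as_list(value):
    """IAM policy fields may hold one string or a list of strings."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _action_matches(pattern):
    """Compare an Action entry to lambda:InvokeFunction, honouring a trailing '*'."""
    pattern, action = pattern.lower(), INVOKE_ACTION.lower()
    if pattern.endswith("*"):
        return action.startswith(pattern[:-1])
    return pattern == action


def statements_allowing_rotation(policy_json):
    """Return Sids of Allow statements that let Secrets Manager invoke the function."""
    hits = []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if SECRETS_MANAGER_PRINCIPAL not in services:
            continue
        if any(_action_matches(a) for a in _as_list(stmt.get("Action"))):
            hits.append(stmt.get("Sid", "<no Sid>"))
    return hits


# Constructed sample in the shape of the Policy document from `aws lambda get-policy`.
_ARN = "arn:aws:lambda:us-east-1:111122223333:function:ExampleRotation"  # placeholder
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowS3", "Effect": "Allow", "Principal": {"Service": "s3.amazonaws.com"},
     "Action": "lambda:InvokeFunction", "Resource": _ARN},
    {"Sid": "AllowSecretsManager", "Effect": "Allow",
     "Principal": {"Service": SECRETS_MANAGER_PRINCIPAL},
     "Action": "lambda:InvokeFunction", "Resource": _ARN},
]})

if __name__ == "__main__":
    print(statements_allowing_rotation(SAMPLE_POLICY))
```

An empty result means the policy has no statement granting Secrets Manager the lambda:InvokeFunction permission described above.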