How to verify that Secrets Manager credential rotation succeeded

Time: 2020-01-31 15:50:29

Tags: amazon-web-services aws-lambda credentials aws-kms aws-secrets-manager

I enabled rotation and checked the Lambda function logs; there were no errors and everything looked fine. But when I retrieved the secret in the Secrets Manager console, it was still the old password. I don't know what happened.

In the AWS CLI:

aws secretsmanager list-secret-version-ids --secret-id xxx

Output:
{
    "Versions": [
        {
            "VersionId": "4********2f",
            "VersionStages": [
                "AWSPREVIOUS"
            ],
            "LastAccessedDate": 1580428800.0,
            "CreatedDate": 1580484370.988
        },
        {
            "VersionId": "9********69",
            "VersionStages": [
                "AWSPENDING"
            ],
            "LastAccessedDate": 1580428800.0,
            "CreatedDate": 1580484483.303
        },
        {
            "VersionId": "b5*********c5",
            "VersionStages": [
                "AWSCURRENT"
            ],
            "LastAccessedDate": 1580428800.0,
            "CreatedDate": 1580484482.179
        }
    ],
    "ARN": "arn:aws:secretsmanager:us-east-1:xxxxxxxxxxxxxx",
    "Name": "xxxxxxxxxxxxxx"
}

What does the AWSPENDING shown above mean? I noticed that the version ID has changed; does that mean the rotation succeeded? Thanks a lot.

Additional information: in the CloudWatch logs:

[INFO]  2020-02-01T19:30:47.741Z    3d6XXX81    Found credentials in environment variables.
[INFO]  2020-02-01T19:30:48.416Z    3dXXX81 createSecret: Successfully retrieved secret for arn:XXX
END RequestId: 3dXXX81
REPORT RequestId: 3dXXX81
START RequestId: adXXX52 Version: $LATEST
END RequestId: adXXX52
REPORT RequestId: adXXX52
2020-02-01T19:30:51.485Z adXXX52 Task timed out after 3.00 seconds

I manually started a new rotation, which gave me a new error:

[ERROR] ValueError: Unable to log into database with previous, current, or pending secret of secret xxxxxx

When I tried to access the MySQL database, I could not log in with the original password. Does this mean the password has been rotated to a random value and is now "PENDING"? I don't know what to do now; can the password be reset?

Triggering the rotation again, it gave me: unable to log into db[ERROR] ClientError: An error occurred (AccessDeniedException) when calling the GetSecretValue operation:

I really don't understand why I keep getting new errors. I'm pretty sure I added "GetSecretValue" to the Lambda execution role. Does anyone know what is going on here?
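As an added example (not part of the post), the following Python check reads a listing in the shape returned by `aws secretsmanager list-secret-version-ids` and classifies the rotation state from the staging labels: a version that still carries AWSPENDING on a different VersionId than AWSCURRENT means the finishSecret step has not moved the labels yet, and if that pending version is older than a chosen threshold the rotation function most likely failed or timed out. The sample listing, its placeholder VersionIds and the 600-second staleness threshold are constructed assumptions.

```python
import json

# Constructed sample in the shape of `list-secret-version-ids` output;
# VersionIds, ARN and Name are placeholders, timestamps mirror the post.
SAMPLE_LISTING = json.loads("""
{
  "Versions": [
    {"VersionId": "v-previous", "VersionStages": ["AWSPREVIOUS"],
     "LastAccessedDate": 1580428800.0, "CreatedDate": 1580484370.988},
    {"VersionId": "v-pending",  "VersionStages": ["AWSPENDING"],
     "LastAccessedDate": 1580428800.0, "CreatedDate": 1580484483.303},
    {"VersionId": "v-current",  "VersionStages": ["AWSCURRENT"],
     "LastAccessedDate": 1580428800.0, "CreatedDate": 1580484482.179}
  ],
  "ARN": "arn:aws:secretsmanager:us-east-1:123456789012:secret:example",
  "Name": "example"
}
""")


def stage_map(listing):
    """Map each staging label to the VersionId that currently carries it."""
    stages = {}
    for version in listing["Versions"]:
        for label in version["VersionStages"]:
            stages[label] = version["VersionId"]
    return stages


def rotation_status(listing, now_epoch, stale_after_s=600):
    """Return 'no_rotation', 'complete', 'in_progress' or 'stuck'.

    If AWSPENDING is absent, or sits on the same version as AWSCURRENT,
    the labels have already been moved and rotation is not running.
    Otherwise a pending version exists; its age (against now_epoch, in
    seconds) decides whether it is still in flight or has been abandoned.
    """
    stages = stage_map(listing)
    created = {v["VersionId"]: v["CreatedDate"] for v in listing["Versions"]}
    pending = stages.get("AWSPENDING")
    if pending is None or pending == stages.get("AWSCURRENT"):
        return "complete" if "AWSPREVIOUS" in stages else "no_rotation"
    age = now_epoch - created[pending]
    return "stuck" if age > stale_after_s else "in_progress"


if __name__ == "__main__":
    import time
    print(rotation_status(SAMPLE_LISTING, time.time()))
```

Run against a live listing (`aws secretsmanager list-secret-version-ids --secret-id <name> | python3 -c ...`) the "stuck" verdict is the cue to look at the rotation Lambda's timeout and execution-role permissions rather than at the secret value itself.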

0 answers:

No answers