Skip to content
Advertisement

How to use secret manager endpoint in lambda handler?

I want to make a write to RDS from lambda. As they both are in different accounts, I created a peering connection between them and also created a secret endpoint to access it. I have a non-rotational secret manager endpoint, I have a lambda handler like

JavaScript

How the secret endpoint will be used in this handler and how can I refer to the tables via that? As I am new to this any sample code or doc would be helpful. Not able to find.

Advertisement

Answer

You don’t need to do anything1 , if the Lambda function is running inside the VPC with the endpoint accessible. Depending on the kind of Endpoint (Interface or Gateway) there are some DNS-tricks (Private Hosted Zones set up for you by AWS) employed by AWS to make this seem seamless.

Essentially the code doesn’t need to know it’s talking to a VPC endpoint, that’s handled in the background. There are a couple exceptions that have bitten me in the past – see the footnote. If it doesn’t work, make sure the security groups of the endpoint allow connections from the Lambda functions on Port 443.


1: The exception being IAM and other global services, here you should specify a regional endpoint when instantiating the client.

User contributions licensed under: CC BY-SA
2 People found this is helpful
Advertisement