When trying to use a cross-account Lambda function (i.e. the secret is in Account A and the Lambda is in Account B) for secret rotation with a set schedule, e.g. 90 days, the API returns the error code and message below:
InvalidRequestException: The AWS account that owns the Lambda function isn't the AWS account that's trying to invoke the function.
This only occurs if you use the --rotation-rules option to rotate-secret, i.e. you can enable rotation without setting rotation rules.
Is this by design or an issue?