Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Is it possible to rotate a token rather than a password using AWS Secrets Manager Rotation by Lambda function?

0

I'm looking at the possibility of using AWS Secrets Manager Rotation by Lambda function to rotate a couple of access tokens for external services. However, reading through https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_lambda.html and the examples provided, it appears that the rotation workflow is only designed to handle passwords, not tokens. That is to say, that the workflow relies on you being able to create the new secret value yourself, and then tell the service being accessed to use that new secret. Which of course, does not cater for access tokens, which you normally rotate by asking the service being accessed for a new token, which it then provides - you normally do not get to create token values yourself. Am I correct? Is AWS Secrets Manager Rotation not usable for rotating tokens that are provided to you by the service being accessed? Because if so, this seems a major gap in functionality.

Topics
Security, Identity, & Compliance
Tags
AWS Secrets Manager
Language
English
asked a year ago456 views
1 Answer
1

Hello.

I think it is possible to rotate the access token by modifying the rotation Lambda function yourself and getting the access token from Lambda to the external service.
For this purpose, AWS has created a Lambda function that can be used as a reference for rotation.
I think you can edit this code to suit your needs.
https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#OTHER_rotation_templates

I think the structure on page 21 of the PDF below is close to your purpose.
https://d1.awsstatic.com/events/Summits/reinvent2022/SEC325-R_Beyond-database-password-management-5-use-cases-for-AWS-Secrets-Manager.pdf

The code for the rotation Lambda function introduced in the blog below will be helpful.
https://medium.com/@larhdid/fortify-your-apps-security-save-and-rotate-tokens-with-aws-secret-manager-and-lambda-e3f7a99c01e0

EXPERT
answered a year ago
EXPERT
reviewed a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content