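I enabled rotation and checked the Lambda function logs; there are no errors and everything looks fine.
But when I retrieved the secret in the Secrets Manager console, it was still the old password. I don't know what happened.
In the AWS CLI: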
aws secretsmanager list-secret-version-ids --secret-id xxx
Output:
{
    "Versions": [
        {
            "VersionId": "4********2f",
            "VersionStages": [
                "AWSPREVIOUS"
            ],
            "LastAccessedDate": 1580428800.0,
            "CreatedDate": 1580484370.988
        },
        {
            "VersionId": "9********69",
            "VersionStages": [
                "AWSPENDING"
            ],
            "LastAccessedDate": 1580428800.0,
            "CreatedDate": 1580484483.303
        },
        {
            "VersionId": "b5*********c5",
            "VersionStages": [
                "AWSCURRENT"
            ],
            "LastAccessedDate": 1580428800.0,
            "CreatedDate": 1580484482.179
        }
    ],
    "ARN": "arn:aws:secretsmanager:us-east-1:xxxxxxxxxxxxxx",
    "Name": "xxxxxxxxxxxxxx"
}
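I see an AWSPENDING above; what does it mean? I noticed that the version IDs changed; does that mean the rotation succeeded? Thank you very much.
Additional information:
In the CloudWatch logs: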
[INFO] 2020-02-01T19:30:47.741Z 3d6XXX81 Found credentials in environment variables.
[INFO] 2020-02-01T19:30:48.416Z 3dXXX81 createSecret: Successfully retrieved secret for arn:XXX
END RequestId: 3dXXX81
REPORT RequestId: 3dXXX81
START RequestId: adXXX52 Version: $LATEST
END RequestId: adXXX52
REPORT RequestId: adXXX52
2020-02-01T19:30:51.485Z adXXX52 Task timed out after 3.00 seconds
I manually started a new rotation, and it gave me a new error:
[ERROR] ValueError: Unable to log into database with previous, current, or pending secret of secret xxxxxx
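When I try to access the MySQL database, I cannot log in with the original password. Does this mean the password has been rotated to a random value and is now in the "pending" state? I don't know what to do now; is there a way to reset the password?
I re-triggered another rotation, and it gave me unable to log into db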
and [ERROR] ClientError: An error occurred (AccessDeniedException) when calling the GetSecretValue operation:
I really don't understand why I keep getting new errors. I'm pretty sure I added "GetSecretValue" to the Lambda exec role. Does anyone know what is actually going on?
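
As an added example, not part of the original post: a small Python check that reads the `list-secret-version-ids` output shown above and reports whether a rotation is still pending, based on the rule that rotation is finished only when AWSPENDING is absent or sits on the same version as AWSCURRENT. The function names `stage_map` and `rotation_state` are hypothetical, and the sample is the posted output trimmed to the fields used.

```python
import json

# Output of `aws secretsmanager list-secret-version-ids` from the post above,
# trimmed to the fields used here (identifiers redacted exactly as posted).
POSTED = json.loads("""
{"Versions": [
  {"VersionId": "4********2f", "VersionStages": ["AWSPREVIOUS"], "CreatedDate": 1580484370.988},
  {"VersionId": "9********69", "VersionStages": ["AWSPENDING"], "CreatedDate": 1580484483.303},
  {"VersionId": "b5*********c5", "VersionStages": ["AWSCURRENT"], "CreatedDate": 1580484482.179}
]}
""")


def stage_map(listing):
    """Map each staging label to the VersionId that currently carries it."""
    stages = {}
    for version in listing.get("Versions", []):
        for label in version.get("VersionStages", []):
            stages[label] = version["VersionId"]
    return stages


def rotation_state(listing):
    """Classify rotation progress from the staging labels alone."""
    stages = stage_map(listing)
    current = stages.get("AWSCURRENT")
    pending = stages.get("AWSPENDING")
    if current is None:
        return "no-current-version"
    if pending is None or pending == current:
        return "complete"
    # AWSPENDING sits on a different version than AWSCURRENT: a rotation was
    # started, but AWSCURRENT was never moved to the pending version
    # (the finishSecret step of the rotation function).
    return "in-progress-or-stalled"


if __name__ == "__main__":
    print(rotation_state(POSTED), stage_map(POSTED))
```
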