I did a bit of an experiment by injecting that header. When I look at other people's logs I can see the headers that the boto3 client sends usually contain Connection: keep-alive, yet looking at my logs none of them contain that header.

Looks like the response header contains Connection: close, but that's coming back FROM Secrets Manager. I also don't think I'm stressing out the API that much - a few requests in a period of a few seconds and then nothing for many minutes should be fine for AWS. I don't think it's a security group, ACL or endpoint config issue, because it would either work or not work, not sometimes work. After maybe 10-15 minutes it starts working again up to the GetRandomPassword part and then drops the connection again.

Resetting dropped connection:

From this point on, it can't even successfully do a DescribeSecret without the lambda timing out.

Then I can see a GetRandomPassword request.

After that, I see the following in the logs: "Secrets Manager can't find the specified secret value for VersionId: xxxxxxxx"

Then I can see a GetSecretValue request for an AWSPENDING stage.

Then I can see a GetSecretValue request for an AWSCURRENT stage.

I can see it does a DescribeSecret request.

Could this have something to do with Python, networking timeouts and lambda connections being held or dropped due to timeouts?

after a few requests, any subsequent requests start timing out

After some time, it manages to send a few more requests.

a few requests to Secrets Manager appear to work.

Secrets Manager is invoking the lambda function successfully.

The Lambda rotator function has permissions for secrets manager for all resources, logging to Cloudwatch and the relevant VPC permissions to execute in a VPC. I have security groups, but for debugging, I've allowed all traffic for all security groups and Network ACLs.
an Endpoint for Secrets Manager, Private DNS enabled.

a Lambda rotator function based on the AWS Python template for single user MySQL rotation.

a private VPC with a subnet that contains an RDS MySQL instance.

Alright, so after 3 days of trying to get this working I finally give up.