Lambda: private VPC endpoint and Secrets Manager

Edgar Sanchez
May 14, 2021
source: https://unsplash.com/photos/Fa0pTKuoDVY

Note to self: When you deploy an AWS Lambda function on a VPC, and you’re using Secrets Manager, remember these things:

  1. Friday is almost here!
  2. Create a VPC Endpoint for Secrets Manager, a.k.a. a Secrets Manager interface endpoint, in your Lambda function's region (how?)
  3. Add a Lambda environment variable "SECRETS_MANAGER_ENDPOINT" and set it to https://secretsmanager.<your_region>.amazonaws.com
  4. Then when you set up the boto3.client connection, set it like this:
    import os
    import boto3
    # endpoint_url points the SDK at the interface endpoint instead of the default public one
    client = boto3.client('secretsmanager', endpoint_url=os.environ['SECRETS_MANAGER_ENDPOINT'])
  5. Finally, ensure your Secrets Manager endpoint's VPC subnet configuration matches the subnet configuration you set up for your Lambda function. Otherwise, your Lambda function will time out waiting to connect to Secrets Manager to read or write your secrets.
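Putting steps 2 to 5 together, here is an added example (not code from the original post) of how I would wire a Lambda function to the interface endpoint so that a subnet or security-group mismatch surfaces as a fast, descriptive error instead of the 300-second task timeout shown below. It assumes the Lambda runtime's AWS_REGION variable, the SECRETS_MANAGER_ENDPOINT variable from step 3, and boto3/botocore being present at runtime; the helper names (endpoint_for_region, client_settings, load_secret) and the sample environment values are mine. The boto3 import is deferred so the validation helpers can run without the SDK installed.

```python
"""Lambda-in-a-VPC helper for Secrets Manager (added example, not from the post).

Builds the boto3 client against the interface endpoint and uses short SDK
timeouts so a misconfigured endpoint fails in seconds, not at the Lambda limit.
"""
import json
import os
from urllib.parse import urlparse

# Short SDK timeouts: a VPC endpoint whose subnets don't match the function's
# subnets never answers, so waiting the full Lambda timeout buys nothing.
CONNECT_TIMEOUT_SECONDS = 5
READ_TIMEOUT_SECONDS = 5


def endpoint_for_region(region: str) -> str:
    """The Secrets Manager endpoint URL the post tells you to put in the env var."""
    return f"https://secretsmanager.{region}.amazonaws.com"


def validate_endpoint(endpoint_url: str, region: str) -> str:
    """Reject endpoints that are not HTTPS, not Secrets Manager, or in another region.

    With private DNS enabled on the interface endpoint, this public-looking
    hostname resolves to private IPs inside the VPC, so it must be the one
    for the region the endpoint was actually created in.
    """
    parsed = urlparse(endpoint_url)
    expected_host = f"secretsmanager.{region}.amazonaws.com"
    if parsed.scheme != "https":
        raise ValueError(f"endpoint must use https, got {endpoint_url!r}")
    if parsed.hostname != expected_host:
        raise ValueError(
            f"endpoint host {parsed.hostname!r} does not match {expected_host!r}; "
            "the interface endpoint must be in the same region as the function"
        )
    return endpoint_url


def client_settings(env, connect_timeout=CONNECT_TIMEOUT_SECONDS,
                    read_timeout=READ_TIMEOUT_SECONDS) -> dict:
    """Derive client arguments from a Lambda-style environment mapping.

    Falls back to the regional URL when SECRETS_MANAGER_ENDPOINT is unset.
    """
    region = env.get("AWS_REGION")  # set automatically by the Lambda runtime
    if not region:
        raise ValueError("AWS_REGION is not set; are we running inside Lambda?")
    endpoint_url = env.get("SECRETS_MANAGER_ENDPOINT") or endpoint_for_region(region)
    return {
        "region_name": region,
        "endpoint_url": validate_endpoint(endpoint_url, region),
        "connect_timeout": connect_timeout,
        "read_timeout": read_timeout,
    }


def get_secret_client(env=None):
    """Create the boto3 client against the interface endpoint (needs boto3)."""
    import boto3  # deferred so the pure helpers above run without the SDK
    from botocore.config import Config

    settings = client_settings(os.environ if env is None else env)
    config = Config(
        region_name=settings["region_name"],
        connect_timeout=settings["connect_timeout"],
        read_timeout=settings["read_timeout"],
        retries={"max_attempts": 2},
    )
    return boto3.client("secretsmanager", endpoint_url=settings["endpoint_url"], config=config)


def load_secret(client, secret_id: str):
    """Fetch a secret; turn an unreachable endpoint into an actionable error."""
    from botocore.exceptions import ConnectTimeoutError, EndpointConnectionError

    try:
        response = client.get_secret_value(SecretId=secret_id)
    except (ConnectTimeoutError, EndpointConnectionError) as exc:
        raise RuntimeError(
            "could not reach the Secrets Manager interface endpoint; check that the "
            "endpoint's subnets and security group match the function's VPC config"
        ) from exc
    if "SecretString" in response:
        return json.loads(response["SecretString"])
    return response["SecretBinary"]


if __name__ == "__main__":
    # Constructed sample environment, standing in for the Lambda runtime's variables.
    sample_env = {
        "AWS_REGION": "us-west-2",
        "SECRETS_MANAGER_ENDPOINT": "https://secretsmanager.us-west-2.amazonaws.com",
    }
    print(client_settings(sample_env))
```

In the Lambda handler, call `get_secret_client()` once at module scope and `load_secret(client, "<your-secret-id>")` inside the handler; the `RuntimeError` message is what you want to see in CloudWatch when the endpoint's subnets were picked wrong, rather than the bare "Task timed out" line.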

2021-05-14T17:20:54.636Z guid-e15b-more-1234-guid Task timed out after 300.10 seconds (in my case 5 minutes)
