ACM.317 Lack of sufficient logging and generic error messages complicates troubleshooting Lambda timeouts
Part of my series on automation of cybersecurity measures, Lambda, Internet security, GitHub security, container security, and deploying a static website. The code.
In the last article, I added a personal access token in GitHub and allowed access from my private network through NAT by adding the AWS Elastic IP address used by NAT to the GitHub organization security settings.
In this article, I want to access Secrets Manager from an AWS Lambda function in a private network. I originally thought I would retrieve the secret and clone the repository in a single post, but it turns out that AWS has made troubleshooting Lambda functions quite complicated because of the lack of sufficient error messages. I have some recommendations for improving those messages at the bottom, but in the meantime you can see how I fixed the problem here.
I have already added permission for the Lambda function execution role to access the secret.
Make sure the Lambda role includes permission to read the secret
Recall that I added permission to read a secret to the Lambda execution role, but only conditionally, when a secret is required.
Looking at the policy in the AWS console, it appears the role was not deployed with the optional secret permissions.
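One way to perform the same check offline rather than eyeballing the console, as an added example that is not code from the original post: a small evaluator that answers whether a set of IAM policy documents grants `secretsmanager:GetSecretValue` on a given secret ARN. The ARN and the two policy documents below are constructed samples (hypothetical account and secret names); in practice you would feed it the documents returned by `get-role-policy` / `get-policy-version`.

```python
import fnmatch
from typing import Iterable

# Constructed sample values (hypothetical account id and secret name).
SECRET_ARN = "arn:aws:secretsmanager:us-east-1:123456789012:secret:github-token-AbCdEf"

# Execution role as it was actually deployed: logging only, no secret access.
POLICY_WITHOUT_SECRET = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
         "Resource": "*"},
    ],
}

# The role as intended: same statements plus read access to the one secret.
POLICY_WITH_SECRET = {
    "Version": "2012-10-17",
    "Statement": POLICY_WITHOUT_SECRET["Statement"] + [
        {"Effect": "Allow", "Action": "secretsmanager:GetSecretValue", "Resource": SECRET_ARN},
    ],
}

def _as_list(value):
    # IAM allows a single string or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]

def _matches(patterns, target, case_sensitive):
    # IAM wildcards: '*' matches any run of characters, '?' a single character.
    if not case_sensitive:
        target, patterns = target.lower(), [p.lower() for p in _as_list(patterns)]
    return any(fnmatch.fnmatchcase(target, p) for p in _as_list(patterns))

def allows_secret_read(policies: Iterable[dict], secret_arn: str) -> bool:
    """True if the policies grant secretsmanager:GetSecretValue on secret_arn.
    An explicit Deny wins over any Allow. Condition blocks and NotAction/NotResource
    statements are not evaluated, so a True result is necessary, not sufficient."""
    action = "secretsmanager:GetSecretValue"
    allowed = denied = False
    for doc in policies:
        for stmt in _as_list(doc.get("Statement", [])):
            if "NotAction" in stmt or "NotResource" in stmt:
                continue
            if not _matches(stmt.get("Action", []), action, case_sensitive=False):
                continue
            if not _matches(stmt.get("Resource", []), secret_arn, case_sensitive=True):
                continue
            if stmt.get("Effect") == "Deny":
                denied = True
            elif stmt.get("Effect") == "Allow":
                allowed = True
    return allowed and not denied
```

Because the Lambda only times out when the call is blocked, a quick pass of the role's inline and attached policies through this check tells you whether to look at IAM or at VPC networking first.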