1

How to do pwd rotation for non-AWS service credentials stored in AWS Secrets Manager? I have API calls to do password reset.

My user account is in Microsoft Azure AD. I want to store the credentials in AWS Secrets Manager but need to do regular rotation by making API calls and then update Secrets Manager with the new password.

user312307

1 Answer

3

This process is documented here. You would enable secret rotation in Secrets Manager, and provide it with a custom AWS Lambda Function that performs your API calls.

Mark B
  • 1
    Do we have any example of a custom AWS Lambda function that does API calls? – user312307 Apr 08 '22 at 16:08
  • The act of performing an API call to a third party service is going to be exactly the same in Lambda function code as it is in code running anywhere else. The code is going to depend entirely on the programming language you chose to write the Lambda function with, and the third party API you are interacting with. – Mark B Apr 08 '22 at 16:23
  • I am planning to use a PowerShell script to make the API call. Do we have examples of how to do it through Lambda? – user312307 Apr 11 '22 at 17:40
  • PowerShell sounds like a really bad fit for Lambda. Why not use something Lambda supports like Python? If you need a specific example, have you tried searching for "using powershell in AWS Lambda"? – Mark B Apr 11 '22 at 19:07
  • I am working to get this function to make API calls for Microsoft API graph and I see most of the examples are with PowerShell, and I saw that we can do Lambda with PowerShell – user312307 Apr 11 '22 at 23:14
  • Is the Python Lambda code to set the new password in Microsoft AD available online? I could find the code to set new password for AWS Managed AD but not Microsoft AD. – Biju Jun 12 '23 at 17:03
  • 1
    @Biju that code would not be AWS Lambda specific. It would just be Python code that updates Active Directory. I would start by looking at the answers to this question https://stackoverflow.com/questions/37847042/changing-active-directory-user-password-in-python-3-x – Mark B Jun 12 '23 at 17:34
  • Thanks for the quick reply - I will check out this link. – Biju Jun 12 '23 at 18:04
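
The custom rotation function the answer describes, sketched in Python as an added example (not code from the answer, the comments, or AWS). Secrets Manager invokes the function once per step (`createSecret`, `setSecret`, `testSecret`, `finishSecret`). The JSON secret layout with `username` and `password` keys and the two callables `set_remote_password` and `test_remote_login`, which stand in for the third-party API calls, are assumptions.

```python
import json

def _load(sm, arn, stage, version_id=None):
    kwargs = {"SecretId": arn, "VersionStage": stage}
    if version_id:
        kwargs["VersionId"] = version_id
    return json.loads(sm.get_secret_value(**kwargs)["SecretString"])

def rotate(event, sm, set_remote_password, test_remote_login):
    """Run one rotation step. sm is a boto3 'secretsmanager' client; the two
    callables are hypothetical wrappers around the third-party service's API.
    Assumes the secret is JSON with 'username' and 'password' keys."""
    arn, token, step = event["SecretId"], event["ClientRequestToken"], event["Step"]
    meta = sm.describe_secret(SecretId=arn)
    stages = meta["VersionIdsToStages"]
    if not meta.get("RotationEnabled"):
        raise ValueError("rotation is not enabled for this secret")
    if token not in stages:
        raise ValueError("request token is not a version of this secret")
    if "AWSCURRENT" in stages[token]:
        return "noop"  # retried invocation after rotation already finished
    if "AWSPENDING" not in stages[token]:
        raise ValueError("version is not staged as AWSPENDING")
    if step == "createSecret":
        current = _load(sm, arn, "AWSCURRENT")
        try:
            _load(sm, arn, "AWSPENDING", token)  # retry: keep the value already generated
        except sm.exceptions.ResourceNotFoundException:
            current["password"] = sm.get_random_password(
                PasswordLength=32, ExcludePunctuation=True)["RandomPassword"]
            sm.put_secret_value(SecretId=arn, ClientRequestToken=token,
                                SecretString=json.dumps(current),
                                VersionStages=["AWSPENDING"])
    elif step == "setSecret":
        old, new = _load(sm, arn, "AWSCURRENT"), _load(sm, arn, "AWSPENDING", token)
        # Idempotent on retry: skip the reset if the pending password already works.
        if not test_remote_login(new["username"], new["password"]):
            set_remote_password(old["username"], old["password"], new["password"])
    elif step == "testSecret":
        new = _load(sm, arn, "AWSPENDING", token)
        if not test_remote_login(new["username"], new["password"]):
            raise ValueError("pending credential was rejected by the remote service")
    elif step == "finishSecret":
        current_id = next(v for v, s in stages.items() if "AWSCURRENT" in s)
        sm.update_secret_version_stage(SecretId=arn, VersionStage="AWSCURRENT",
            MoveToVersionId=token, RemoveFromVersionId=current_id)
    else:
        raise ValueError(f"unknown rotation step: {step}")
    return step
```

In a deployed function, `lambda_handler(event, context)` would call `rotate` with `boto3.client("secretsmanager")` and the real API wrappers; the secret values are never logged or returned.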