aws-secrets-manager-rotation-lambdas

Error when attempting to use the rds rotate secret lambda template

Open mobious999 opened this issue 1 year ago • 1 comments

When I attempted to use this code https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/blob/master/SecretsManagerRDSSQLServerRotationMultiUser/lambda_function.py

I have tried multiple ways to get the pymssql package to work (either in the lambda function code or in a lambda layer); both fail with the following error.

[ERROR] Runtime.ImportModuleError: Unable to import module 'lambda_function': No module named 'pymssql._pymssql' Traceback (most recent call last):

I've attempted to debug the module but a simple import won't even work.

This is the third time we've had lambda functions fail our rotation and I would like to see if there's a way to adjust the lambda so that it works or provide guidance on how to build the lambda package.

mobious999 avatar Aug 12 '24 20:08 mobious999

Could you provide information about how you currently build the lambda package?

simonmarty avatar Aug 26 '24 15:08 simonmarty

Please let us know if you're still having an issue. Closing for now due to inactivity, please feel free to reopen.

jirkafajfr avatar Nov 18 '24 19:11 jirkafajfr

Based on what I saw the issue was closed. I at that point no longer thought it was going to be an issue so I moved on.

mobious999 avatar Nov 18 '24 20:11 mobious999

Please close the issue.

mobious999 avatar Nov 18 '24 20:11 mobious999

Please do not close the issue. It happened again: (No module named '_pg')

INIT_START Runtime Version: python:3.10.v96	Runtime Version ARN: arn:aws:lambda:eu-central-1::runtime:960a2ae5cc149d9911eed159109852e1a25123f8b4d0e07437fe8e0700e16aa0

[WARNING]	2025-10-02T14:27:09.395Z		LAMBDA_WARNING: Unhandled exception. The most likely cause is an issue in the function code. However, in rare cases, a Lambda runtime update can cause unexpected function behavior. For functions using managed runtimes, runtime updates can be triggered by a function change, or can be applied automatically. To determine if the runtime has been updated, check the runtime version in the INIT_START log entry. If this error correlates with a change in the runtime version, you may be able to mitigate this error by temporarily rolling back to the previous runtime version. For more information, see https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html

[ERROR] Runtime.ImportModuleError: Unable to import module 'lambda_function': No module named '_pg'
Traceback (most recent call last):

INIT_REPORT Init Duration: 472.12 ms	Phase: init	Status: error	Error Type: Runtime.ImportModuleError

dobeerman-sts avatar Oct 02 '25 14:10 dobeerman-sts

@dobeerman-sts, please review https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot_rotation.html#troubleshoot_rotation_python_310. ASM has upgraded its lambda functions Runtime keys to python3.10 by default in its vended SAM templates and depending on how you deployed this function this error can occur.

rstevens011 avatar Oct 02 '25 19:10 rstevens011

> depending on how you deployed this function this error can occur.

@rstevens011 hmm... I'm a bit confused. This Lambda is deployed by SAM with their proprietary code. So, ASM has upgraded the functions' Runtime and did not upgrade the code itself? What did I miss? 🤔

If Lambda's code has also been upgraded, how would I trigger re-deployment using cdk?

dobeerman-sts avatar Oct 03 '25 07:10 dobeerman-sts

It all depends on how you deployed the lambda in the first place. We recommend you use HostedRotationLambda since it keeps the runtime in sync with the code changes.

We're in the process of merging the changes to the Lambdas for Python 3.10 into this public mirror in #167

simonmarty avatar Oct 03 '25 20:10 simonmarty
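
A packaging check for the failure discussed in this thread, added here as an example (it is not code from the thread or from the aws-samples repository). It assumes the `ImportModuleError` comes from a compiled extension built for a different Python version or platform than the function's Runtime key; the function names and the sample file names are constructed for illustration.

```python
import io
import re
import zipfile

# CPython names compiled extensions like _pymssql.cpython-39-x86_64-linux-gnu.so
EXT_RE = re.compile(r"\.cpython-(\d)(\d+)[a-z]*-(?P<plat>[\w-]+)\.so$")


def runtime_tag(runtime):
    """'python3.10' (Lambda Runtime key) -> (3, 10)."""
    major, minor = runtime.replace("python", "", 1).split(".")
    return int(major), int(minor)


def find_unloadable(names, runtime):
    """Return (path, reason) for extensions the given runtime cannot import."""
    want = runtime_tag(runtime)
    problems = []
    for name in names:
        m = EXT_RE.search(name)
        if not m:
            continue  # pure Python, abi3 or untagged .so: no version tag to compare
        built = (int(m.group(1)), int(m.group(2)))
        if built != want:
            problems.append((name, "built for python%d.%d" % built))
        elif "linux" not in m.group("plat"):
            # Lambda runs on Linux; a macOS build is never picked up by the importer
            problems.append((name, "built for " + m.group("plat")))
    return problems


def check_zip(data, runtime):
    """Inspect a deployment package or layer zip given as bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return find_unloadable(zf.namelist(), runtime)


def sample_package():
    """Constructed package: realistic file names, empty file bodies."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in ("lambda_function.py", "pymssql/__init__.py",
                  "pymssql/_pymssql.cpython-39-x86_64-linux-gnu.so",
                  "_pg.cpython-310-darwin.so"):
            zf.writestr(n, b"")
    return buf.getvalue()


if __name__ == "__main__":
    print(check_zip(sample_package(), "python3.10"))
```

Running `check_zip` on the real package or layer zip against the Runtime key shown in the function configuration lists every extension that has to be rebuilt for that runtime.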