secrets-manager | A daemon to sync Vault secrets to Kubernetes secrets | Identity Management library

this is my lambda function (https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/blob/master/SecretsManagerRotationTemplate/lambda_function.py) when i am testing

I have a situation where I have a secret important_secret stored in secrets manager with a secret value of

I have a CDK project that creates a CodePipeline which deploys an application on ECS. I had it all previously working, but the VPC was using a NAT gateway, which ended up being too expensive. So now I am trying to recreate the project without requiring a NAT gateway. I am almost there, but I have now run into issues when the ECS service is trying to start tasks. All tasks fail to start with the following error:

I stored my MySQL DB credentials in AWS secrets manager using the Credentials for other database option. I want to import these credentials in my application.properties file. Based on a few answers I found in this thread "https://stackoverflow.com/questions/56194579/how-to-integrate-aws-secret-manager-with-spring-boot-application", I did the following:

1. Added the dependency spring-cloud-starter-aws-secrets-manager-config
2. Added spring.application.name = and spring.config.import = aws-secretsmanager: in application.properties
3. Used secret keys as place holders in the following properties:

...

What I want to do is feed a list of key names to a module that will be used to generate many secrets with different random passwords in secrets manager.

I have tried many different things but have failed so far.

This is what I have currently:

I'm wondering if something is possible at all, or I'm trying to build something that is not possible from the start.

Let's say within Account A there is an RDS DB Password, (can be any AWS resource ID or value) that I have stored in Secrets Manager or Parameter Store.

Now I want to use that value in AWS CDK in Account B, is this possible?

It is possible to retrieve the value based on ARN, see: https://bobbyhadz.com/blog/get-secrets-manager-values-aws-cdk#get-secrets-manager-value-by-arn---alternative but would this work cross-account?

Using this as lambda function - https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/blob/master/SecretsManagerRotationTemplate/lambda_function.py. giving perimeters as

I am trying to follow the guide here to automate the rotation of keys for IAM users- https://awsfeed.com/whats-new/apn/automating-rotation-of-iam-user-access-and-secret-keys-with-aws-secrets-manager

Essentially I'm wanting to get new keys every 60 days, deactivate the old keys every 80 days, and then delete/remove old keys every 90 days.

I have slightly modified it to get new keys every 60 days instead of 90 and here is the lambda function:

I have started using Serverless framework with AWS. My source is in Typescript which would be built to JavaScript before deploying. This gets uploaded to S3 and then lambda function is created. I noticed that my lambda functions are over 70MB although I only have a few lines of code with operations that use just the aws-sdk, like querying DynamoDB or SecretsManager.

To investigate this, I downloaded the zipped file which gets uploaded to S3 by serverless framework and unzipped for its content. It has a folder named ${WORKSPACE} which accounts for the 70% of the package memory and it does not seem to have any relevant content for the lambda function.

My package.json looks like this