I've created a secret and updated it to have a Lambda rotation function.
My secret looks like
aws secretsmanager list-secret-version-ids --secret-id envi
For anyone still having this issue, what you can try doing is clearing the pending version and reattempting the rotation.
For example, with a secret with secret id thefrog, call
aws secretsmanager get-secret-value \
--secret-id thefrog \
--version-stage AWSPENDING
to get the version id of the version with the pending label. The result would look like
{
"CreatedDate": 1541540242.561,
"Name": "thefrog",
"VersionStages": [
"AWSPENDING"
],
"SecretString": "TOP-SECRET",
"ARN": "arn:aws:secretsmanager:xxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"VersionId": "2a27cecb-23c7-4320-b168-78661c24612f"
}
Then call
aws secretsmanager update-secret-version-stage \
--secret-id thefrog \
--version-stage AWSPENDING \
--remove-from-version-id 2a27cecb-23c7-4320-b168-78661c24612f
to remove the version of the secret that has the pending label.
From here you can retry the rotation.
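The same two steps as a shell function, as an added example that is not part of the original answer: it finds the pending version with list-secret-version-ids and a --query filter instead of get-secret-value, so SecretString is never printed to the terminal. The function name clear_pending_version and the script name in the last comment are hypothetical.

```sh
#!/bin/sh
# Added example; clear_pending_version is a hypothetical helper name.
# Prints the version id it cleared on stdout; diagnostics go to stderr.
clear_pending_version() {
    cpv_secret="$1"
    if [ -z "$cpv_secret" ]; then
        echo "usage: clear_pending_version <secret-id>" >&2
        return 2
    fi

    # Metadata-only lookup: returns version ids and staging labels, never
    # SecretString, so no plaintext reaches the terminal or scrollback.
    cpv_pending=$(aws secretsmanager list-secret-version-ids \
        --secret-id "$cpv_secret" \
        --query "Versions[?contains(VersionStages, 'AWSPENDING')].VersionId" \
        --output text) || return 1

    case "$cpv_pending" in
        ""|None)
            echo "no AWSPENDING version on $cpv_secret; nothing to clear" >&2
            return 0 ;;
        *[[:space:]]*)
            # A staging label should sit on one version only; stop if not.
            echo "unexpected: several AWSPENDING versions: $cpv_pending" >&2
            return 1 ;;
    esac

    # Same call as in the answer: detach AWSPENDING from that version.
    aws secretsmanager update-secret-version-stage \
        --secret-id "$cpv_secret" \
        --version-stage AWSPENDING \
        --remove-from-version-id "$cpv_pending" >/dev/null || return 1

    echo "$cpv_pending"
}

# Run as a script: sh clear_pending.sh thefrog
if [ "$#" -gt 0 ]; then
    clear_pending_version "$1"
fi
```

The function prints only the version id it cleared, which can be kept for an audit note before retrying the rotation.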