Secrets Manager: Security issue when adding rotationLambda with CT Hooks #29791
Labels
@aws-cdk/aws-lambda
Related to AWS Lambda
bug
This issue is a bug.
closed-for-staleness
This issue was automatically closed because it hadn't received any attention in a while.
effort/medium
Medium work item – several days of effort
p2
response-requested
Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.
Describe the bug
This bug has been previously raised by #28406 and closed for inactivity.
But in my case, it is reflected when you enable a CT Guardrail that proactively checks compliance with rule [CT.LAMBDA.PR.2].
That is, deploying a CFN Hook into your account that checks whether your deployed lambdas have the property called "SourceAccount" in the service principal; in this case it fails when I try to deploy a lambda rotation with CDK.
Expected Behavior
I should be allowed to add or override the service principal created, as was discussed in the old thread.
Current Behavior
It creates the resource without the required fields, causing it to fail when the hook checks on the creation process.
Reproduction Steps
Add a rotation lambda to Secrets Manager, enable the CT guardrail for rule [CT.LAMBDA.PR.2], and you are good to go.
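The failure described above only surfaces at deploy time, when the proactive hook rejects the stack. The following is an added example, not code from this issue or from the aws-cdk project: a dependency-free TypeScript check that reads a synthesized CloudFormation template (the JSON `cdk synth` writes to `cdk.out`) and flags every `AWS::Lambda::Permission` that names an AWS service principal but carries neither `SourceAccount` nor `SourceArn`, which is the condition the CT.LAMBDA.PR.2 control enforces so that a service cannot be used as a confused deputy to invoke the function on behalf of another account. It is a simplified local reimplementation of that check (an assumption, not the control's own logic); the template embedded below is constructed for the example, with the unscoped secretsmanager.amazonaws.com permission in the shape the issue describes, and the account ID in it is a placeholder.

```typescript
// Added example, not part of the issue or the aws-cdk project.
// Local pre-deploy check mirroring what CT.LAMBDA.PR.2 enforces on
// AWS::Lambda::Permission: a service principal must be scoped with
// SourceAccount or SourceArn (confused-deputy protection).

type CfnValue = string | number | boolean | Record<string, unknown> | unknown[];

interface CfnResource {
  Type: string;
  Properties?: Record<string, CfnValue>;
}

interface CfnTemplate {
  Resources: Record<string, CfnResource>;
}

interface Finding {
  logicalId: string;
  principal: string;
  reason: string;
}

/** True for service principals such as "secretsmanager.amazonaws.com" (simplified: one partition suffix). */
function isServicePrincipal(principal: CfnValue | undefined): principal is string {
  return typeof principal === "string" && principal.endsWith(".amazonaws.com");
}

/**
 * One finding per AWS::Lambda::Permission whose Principal is a service principal
 * but which sets neither SourceAccount nor SourceArn. Permissions granted to
 * account IDs or IAM ARNs are outside the scope of the control and are skipped.
 */
function findUnscopedServicePermissions(template: CfnTemplate): Finding[] {
  const findings: Finding[] = [];
  for (const [logicalId, res] of Object.entries(template.Resources)) {
    if (res.Type !== "AWS::Lambda::Permission") continue;
    const props = res.Properties ?? {};
    const principal = props["Principal"];
    if (!isServicePrincipal(principal)) continue;
    const hasSourceAccount = props["SourceAccount"] !== undefined;
    const hasSourceArn = props["SourceArn"] !== undefined;
    if (!hasSourceAccount && !hasSourceArn) {
      findings.push({
        logicalId,
        principal,
        reason: "service principal without SourceAccount or SourceArn",
      });
    }
  }
  return findings;
}

// Constructed sample template (not real cdk synth output): a rotation function,
// the invoke permission for Secrets Manager without SourceAccount as the issue
// describes, an already scoped variant, and an account-principal permission.
const SAMPLE_TEMPLATE: CfnTemplate = {
  Resources: {
    RotationFn: { Type: "AWS::Lambda::Function", Properties: { FunctionName: "example-rotation" } },
    RotationFnInvokeSecretsManager: {
      Type: "AWS::Lambda::Permission",
      Properties: {
        Action: "lambda:InvokeFunction",
        FunctionName: { Ref: "RotationFn" },
        Principal: "secretsmanager.amazonaws.com",
      },
    },
    RotationFnInvokeScoped: {
      Type: "AWS::Lambda::Permission",
      Properties: {
        Action: "lambda:InvokeFunction",
        FunctionName: { Ref: "RotationFn" },
        Principal: "secretsmanager.amazonaws.com",
        SourceAccount: { Ref: "AWS::AccountId" },
      },
    },
    CrossAccountInvoke: {
      Type: "AWS::Lambda::Permission",
      Properties: {
        Action: "lambda:InvokeFunction",
        FunctionName: { Ref: "RotationFn" },
        Principal: "111111111111", // placeholder account ID, not a service principal
      },
    },
  },
};

/** Entry point used by the stand-alone run: check the constructed template. */
function checkSample(): Finding[] {
  return findUnscopedServicePermissions(SAMPLE_TEMPLATE);
}

// Stand-alone run: list the logical IDs the proactive control would reject.
for (const f of checkSample()) {
  console.log(`${f.logicalId}: ${f.principal} ${f.reason}`);
}
```

Running this against the template in `cdk.out` before `cdk deploy` reports the generated rotation permission as unscoped, which is the same resource the CFN Hook rejects during creation; once the construct allows the permission to carry `SourceAccount`, the check returns no findings for it.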
Possible Solution
Continue the previous PR.
I'd like to check the old PR and go on with it; I'm interested in getting this issue fixed.
Additional Information/Context
Not much
CDK CLI Version
v2.136.0
Framework Version
No response
Node.js Version
v16.20.0
OS
windows
Language
TypeScript
Language Version
No response
Other information
No response