AWS Secrets Manager 的自动密钥轮换（rotation）由一个专门的轮换 Lambda 函数完成，该函数按 createSecret、setSecret、testSecret、finishSecret 四个步骤生成并切换新的密钥版本。要让应用程序得知密钥已经更新，可以把 Secrets Manager 写入 CloudTrail 的事件（例如 RotateSecret）通过 Amazon EventBridge 投递给另一个 Lambda 函数。下面的示例实现的正是这个“消费者”函数——它本身并不执行轮换，而是在收到 RotateSecret 事件后重新读取密钥值并交给应用程序：
import json
import logging
import os
import boto3
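# Configure the desired secret in the Secrets Manager console before deploying.
# Both values can be overridden through the function's environment variables
# (SECRET_NAME / SECRET_REGION); the literals below are the fallbacks.
secret_name = os.environ.get("SECRET_NAME", "my_secret")
region_name = os.environ.get("SECRET_REGION", "us-west-2")

# Logger used by lambda_handler. The explicit INFO level makes the "updated
# successfully" message visible even though the root logger defaults to WARNING.
logger = logging.getLogger(__name__)
logger.setLevel(logging.INFO)

# Module scope runs once per execution environment (cold start), so the client
# is reused across invocations. Credentials come from the function's execution
# role; scope that role to secretsmanager:GetSecretValue on this secret's ARN
# (plus kms:Decrypt if the secret is encrypted with a customer-managed key)
# rather than granting access to every secret in the account.
session = boto3.session.Session()
client = session.client(service_name='secretsmanager', region_name=region_name)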
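def _is_target_secret(secret_id, name):
    """Return True when ``secret_id`` (a secret name or ARN) refers to ``name``.

    Secrets Manager ARNs end in ``:secret:<name>-<6 random chars>``, so an ARN
    is matched on its resource part with that six-character suffix allowed.
    A bare name must match exactly.
    """
    if secret_id == name:
        return True
    if not secret_id.startswith("arn:"):
        return False
    resource = secret_id.rsplit(":secret:", 1)[-1]
    if resource == name:
        return True
    # "<name>-XXXXXX": exactly one dash plus six characters after the name, so
    # "my_secret" does not also match "my_secret-prod-XXXXXX".
    return resource.startswith(name + "-") and len(resource) == len(name) + 7


def lambda_handler(event, context):
    """Reload ``secret_name`` after a Secrets Manager rotation event.

    ``event`` is expected to be an EventBridge event carrying a CloudTrail
    record in ``event["detail"]``. Only ``eventName == "RotateSecret"`` for the
    configured secret triggers a reload; anything else is ignored.

    Args:
        event: EventBridge/CloudTrail event dict. A missing or malformed
            ``detail`` is treated as "not our event", not as an error.
        context: Lambda context object (unused).

    Returns:
        ``{"reloaded": True}`` when the secret was fetched and handed to the
        application, ``{"reloaded": False}`` when the event was ignored.

    Raises:
        KeyError: if the secret has no ``SecretString`` (a binary secret is
            returned in ``SecretBinary``, which this handler does not support).
        Exceptions from ``get_secret_value`` (e.g. access denied, resource not
            found) propagate so the invocation is reported as failed.
    """
    log = logging.getLogger(__name__)

    detail = event.get("detail") if isinstance(event, dict) else None
    if not isinstance(detail, dict) or detail.get("eventName") != "RotateSecret":
        return {"reloaded": False}

    # NOTE(review): CloudTrail records RotateSecret when rotation is *requested*;
    # the new version may not be finalised yet if the rotation function is slow.
    # Matching the rotation-completion event (RotationSucceeded) instead may be
    # safer — confirm against your trail before relying on this.

    # Only react to rotation of the secret this function is configured for;
    # otherwise any RotateSecret call in the account would trigger a reload.
    # CloudTrail exposes the API's SecretId as requestParameters.secretId
    # (name or ARN) — verify the exact key in your trail.
    params = detail.get("requestParameters") or {}
    rotated = params.get("secretId")
    if rotated is not None and not _is_target_secret(rotated, secret_name):
        log.info("Ignoring RotateSecret for %s", rotated)
        return {"reloaded": False}

    # Requires secretsmanager:GetSecretValue on this secret's ARN (least
    # privilege), plus kms:Decrypt if it uses a customer-managed KMS key.
    response = client.get_secret_value(SecretId=secret_name)
    secret_value = response["SecretString"]  # binary secrets use SecretBinary

    # Hand the new value to the application here, e.g.:
    # app_config = json.loads(secret_value)
    # os.environ["SECRET_KEY"] = app_config["SECRET_KEY"]
    # Caveat: anything placed in os.environ is inherited by every child process
    # and appears in environment dumps; a module-level variable is tighter.
    # Never write secret_value to the log.
    log.info("%s was updated successfully.", secret_name)
    return {"reloaded": True}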