diff --git a/rotate-credentials/rotate-credentials.py b/rotate-credentials/rotate-credentials.py
index 508bc812a6a7eed3b2077c128c5c55985e9fa232..81fe5e2292e1a364603a3568525e509386769f5d 100644
--- a/rotate-credentials/rotate-credentials.py
+++ b/rotate-credentials/rotate-credentials.py
@@ -71,10 +71,15 @@ def _store_new_password(client, secret_name, username, password, old_password):
       # We can't find the resource that you asked for.
       # Deal with the exception here, and/or rethrow at your discretion.
       raise e
+    elif e.response['Error']['Code'] == 'AccessDeniedException':
+      # We can't find the resource that you asked for.
+      # Deal with the exception here, and/or rethrow at your discretion.
+      raise e
 
 
 def _get_credential(client, secret_name):
 
+  logs.info(f"Getting credential {secret_name}")
   try:
     get_secret_value_response = client.get_secret_value(
       SecretId=secret_name
@@ -100,7 +105,12 @@ def _get_credential(client, secret_name):
       # We can't find the resource that you asked for.
       # Deal with the exception here, and/or rethrow at your discretion.
       raise e
+    elif e.response['Error']['Code'] == 'AccessDeniedException':
+      # We can't find the resource that you asked for.
+      # Deal with the exception here, and/or rethrow at your discretion.
+      raise e
   else:
+    logs.info(f"Found secret {secret_name}")
     # Decrypts secret using the associated KMS CMK.
     # Depending on whether the secret is a string or binary, one of these fields will be populated.
     if 'SecretString' in get_secret_value_response: