AWS Lambda with environment variables injected from SecretsManager

Open THOUSAND-SKY opened this issue 1 year ago • 1 comments

I'm looking for a construct that sets up a lambda function with secrets before the lambda gets invoked.

Something a la https://github.com/aws-samples/aws-lambda-environmental-variables-from-aws-secrets-manager

Use Case

In nodejs, it's a hassle to move variables into secrets when you can only load secrets async. Top level await isn't straightforward either because web frameworks may bundle the server files into a single file and I don't have full control over which file appears first.

Proposed Solution

I'd like my secrets to be injected as env vars when the lambda is invoked. Preferably they'd only get loaded from SecretsManager on cold starts, and cached. It'd use a lambda layer like described in this https://github.com/aws-samples/aws-lambda-environmental-variables-from-aws-secrets-manager

Other

  • [ ] :wave: I may be able to implement this feature request
  • [ ] :warning: This feature might incur a breaking change

This is a :rocket: Feature Request

THOUSAND-SKY avatar Feb 06 '24 14:02 THOUSAND-SKY
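The behaviour requested above (load from Secrets Manager once per cold start, cache, expose as environment variables) can be approximated in handler code without top-level await. This is an added example, not code from the issue, the linked sample or aws-solutions-constructs; `createSecretInjector`, `fetchSecret`, the stub fetcher and the secret name are hypothetical, and the stub stands in for a Secrets Manager call.

```javascript
// Added example. `fetchSecret` is a hypothetical injected function that
// resolves to a JSON string of key/value pairs; in a deployment it would wrap
// a Secrets Manager GetSecretValue call.
function createSecretInjector(fetchSecret, secretId, env = process.env) {
  // Closure state lives as long as the execution environment when the
  // injector is created at module scope, so the load runs once per cold start.
  let pending = null;

  function load() {
    if (pending === null) {
      pending = (async () => {
        const entries = Object.entries(JSON.parse(await fetchSecret(secretId)));
        // Validate everything before touching env so a bad secret leaves no partial state.
        for (const [key, value] of entries) {
          if (typeof value !== 'string') {
            throw new TypeError(`secret field ${key} is not a string`);
          }
          if (env[key] !== undefined) {
            throw new Error(`refusing to overwrite existing variable ${key}`);
          }
        }
        for (const [key, value] of entries) env[key] = value;
        return entries.map(([key]) => key); // names only, never values
      })().catch((err) => {
        pending = null; // do not cache a failed load; the next invocation retries
        throw err;
      });
    }
    return pending;
  }

  // The await happens inside the invocation, so no top-level await is needed
  // and bundler file ordering does not matter.
  function wrap(handler) {
    return async (event, context) => {
      await load();
      return handler(event, context);
    };
  }

  return { load, wrap };
}

// Constructed stub standing in for the real fetch; the value is made up.
const stubFetch = async () => JSON.stringify({ DB_PASSWORD: 'constructed-value' });
const demoEnv = {};
const demoHandler = createSecretInjector(stubFetch, 'example/app-secret', demoEnv)
  .wrap(async () => ({ hasPassword: typeof demoEnv.DB_PASSWORD === 'string' }));
```

Values placed in `process.env` are readable by every module in the process and are inherited by child processes, so the function's log statements and any spawned commands should be checked for environment dumps.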

Our current philosophy is to restrict the library to Infrastructure as Code, and not deploy code that operates within a client's application (e.g. - we provide no Lambda functions outside of Custom Resources that configure infrastructure during launch). But we will add this idea to our backlog if this changes in the future.

biffgaut avatar Feb 10 '24 15:02 biffgaut