bash-lambda-layer
How to configure AWS credentials
How to add ~/.aws credential folder to the lambda? I tried directly exporting the variable in the code but it is not getting set.
handler () {
    set -e
    # Event Data is sent as the first parameter
    EVENT_DATA=$1
    echo "$EVENT_DATA"
    export AWS_ACCESS_KEY_ID=xxxxxxxxxxxxx
    export AWS_SECRET_ACCESS_KEY=yyyyyy
    export AWS_DEFAULT_REGION=us-east-1
    aws configure # This gives output as - "AWS Access Key ID [None]:"
}
Could this be better handled by assigning Roles to the Lambda? Then you don't need to put those secure credentials in the code.
I have run into this same issue and am still looking for an answer.
@digitalsushi the issue with this solution is that for my use case I am receiving temporary AWS credentials from a curl POST command and then need to set the environment variables for my lambda function equal to the temporary credentials.
Any insights on this would be greatly appreciated.
Thanks!
You should use the Lambda role. It uses it automatically. If you have a reason to use different credentials you could write them to /tmp/.aws/credentials and /tmp/.aws/config. Then you need to run:
export AWS_CONFIG_FILE=/tmp/.aws/config
export AWS_SHARED_CREDENTIALS_FILE=/tmp/.aws/credentials
@gkrizek - thanks for the swift response. I do need to change the credentials, I had tried commands such as:
export AWS_ACCESS_KEY=myAccessKey
But kept getting errors saying that these types of environment variables are reserved and can't be changed in a lambda function as it's running.
I'm kind of new to bash scripts... For the exports you mentioned above, would I need to create the config and credential files in the script, or do those already come as files inside the lambda function's /tmp directory when it executes?
thanks for the help!
It seems that AWS CLI credentials are always being overwritten by IAM role lambda privileges, even if you export AWS_SHARED_CREDENTIALS_FILE and AWS_CONFIG_FILE.
So far I haven't been able to find a workaround because using the Lambda role does the work for me, but there has to be a workaround...
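An added example, not from any participant in this thread or from the bash-lambda-layer project: it writes temporary credentials to the /tmp/.aws files suggested above with owner-only permissions and runs a single command against them in a subshell. It assumes the AWS CLI's documented precedence, in which credential environment variables (which Lambda populates from the execution role) win over the shared credentials file; the function names and CRED_DIR are hypothetical.

```bash
# Added example; function names and CRED_DIR are hypothetical.
# CRED_DIR defaults to the /tmp/.aws location mentioned in the thread.
CRED_DIR="${CRED_DIR:-/tmp/.aws}"

# Write temporary credentials to files only the function's user can read.
# Args: access_key secret_key session_token [region]
write_temp_creds() {
  (
    umask 077                      # new files 0600, new directories 0700
    mkdir -p "$CRED_DIR"
    # Remove stale files so old, looser permissions are never inherited.
    rm -f "$CRED_DIR/credentials" "$CRED_DIR/config"
    printf '[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n' \
      "$1" "$2" "$3" > "$CRED_DIR/credentials"
    printf '[default]\nregion = %s\n' "${4:-us-east-1}" > "$CRED_DIR/config"
  )
}

# Run one command with the file-based credentials. The subshell keeps the
# execution role's environment credentials intact for the rest of the handler.
# Args: command [args...]
run_with_temp_creds() {
  (
    # Environment variables take precedence over the shared credentials
    # file, so they are cleared here for the files to take effect.
    unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
    export AWS_SHARED_CREDENTIALS_FILE="$CRED_DIR/credentials"
    export AWS_CONFIG_FILE="$CRED_DIR/config"
    "$@"
  )
}

# Delete the files once the temporary credentials are no longer needed,
# so they do not linger in /tmp across warm invocations.
clear_temp_creds() {
  rm -f "$CRED_DIR/credentials" "$CRED_DIR/config"
}

# Usage inside a handler (values come from wherever the credentials were issued):
#   write_temp_creds "$KEY" "$SECRET" "$TOKEN" us-east-1
#   run_with_temp_creds aws sts get-caller-identity
#   clear_temp_creds
```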