Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AWS Lambda with environment variables injected from SecretsManager #1072

Open
2 tasks
THOUSAND-SKY opened this issue Feb 6, 2024 · 1 comment
Open
2 tasks
Labels
Backlog We don't have the bandwidth to support this task right now, but will consider it in the future. feature-request A feature should be added or improved

Comments

@THOUSAND-SKY
Copy link

I'm looking for a construct that sets up a lambda function with secrets before the lambda gets invoked.

Something a la https://github.com/aws-samples/aws-lambda-environmental-variables-from-aws-secrets-manager

Use Case

In nodejs, it's a hassle to move variables into secrets when you can only load secrets async. Top level await isn't straightforward either because web frameworks may bundle the server files into a single file and I don't have full control over which file appears first.

Proposed Solution

I'd like my secrets to be injected as env vars when the lambda is invoked. Preferably they'd only get loaded from SecretsManager on cold starts, and cached. It'd use a lambda layer like described in this https://github.com/aws-samples/aws-lambda-environmental-variables-from-aws-secrets-manager

Other

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

@THOUSAND-SKY THOUSAND-SKY added feature-request A feature should be added or improved needs-triage The issue or PR still needs to be triaged labels Feb 6, 2024
@biffgaut biffgaut added Backlog We don't have the bandwidth to support this task right now, but will consider it in the future. and removed needs-triage The issue or PR still needs to be triaged labels Feb 10, 2024
@biffgaut
Copy link
Contributor

Our current philosophy is to restrict the library to Infrastructure as Code, and not deploy code that operates within a client's application (e.g. - we provide no Lambda functions outside of Custom Resources that configure infrastructure during launch). But we will add this idea to our backlog if this changes in the future.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Backlog We don't have the bandwidth to support this task right now, but will consider it in the future. feature-request A feature should be added or improved
Projects
None yet
Development

No branches or pull requests

2 participants