SSOSYNC_REGION environment variable is not respected when deployed as Lambda function

[anggras]

Describe the bug
When deployed as a Lambda function with SSOSYNC_REGION environment variable set to the arn of a Secret Manager Secret, ssosync still expects value from SSOSyncRegion Secret.

To Reproduce
Steps to reproduce the behavior:

1. Deploy ssosync version 2.1.2 as a Lambda function
2. Configure environment variables SSOSYNC_GOOGLE_CREDENTIALS, SSOSYNC_GOOGLE_ADMIN, SSOSYNC_SCIM_ENDPOINT, SSOSYNC_SCIM_ACCESS_TOKEN, SSOSYNC_REGION, and SSOSYNC_IDENTITY_STORE_ID to the arns of the respective Secrets (non default Secret values).
3. The following error will be asserted

level=fatal msg="cannot read config: ResourceNotFoundException: Secrets Manager can't find the specified secret."

4. Create a Secret Manager Secret named SSOSyncRegion
5. Function runs successfully

Expected behavior
ssosync should respect the SSOSYNC_REGION environment variable and fetch the secret value from the specified arn.

Additional context
n/a

[ChrisPates]

How are you deploying the lambda? SAM SAR or something else? Chris On 8 Feb 2024, at 09:50, Anggra ***@***.***> wrote:  Describe the bug When deployed as a Lambda function with SSOSYNC_REGION environment variable set to the arn of a Secret Manager Secret, ssosync still expects value from SSOSyncRegion Secret. To Reproduce Steps to reproduce the behavior: 1. Deploy ssosync version 2.1.2 <https://github.com/awslabs/ssosync/releases/download/v2.1.2/ssosync_Linux_arm64.tar.gz> as a Lambda function 2. Configure environment variables SSOSYNC_GOOGLE_CREDENTIALS, SSOSYNC_GOOGLE_ADMIN, SSOSYNC_SCIM_ENDPOINT, SSOSYNC_SCIM_ACCESS_TOKEN, SSOSYNC_REGION, and SSOSYNC_IDENTITY_STORE_ID to the arns of the respective Secrets (non default Secret values). 3. The following error will be asserted level=fatal msg="cannot read config: ResourceNotFoundException: Secrets Manager can't find the specified secret." 1. Create a Secret Manager Secret named SSOSyncRegion 2. Function runs successfully Expected behavior ssosync should respect the SSOSYNC_REGION environment variable and fetch the secret value from the specified arn. Additional context n/a — Reply to this email directly, view it on GitHub <#170> , or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABVULYMLECHIVC6QWINFBK3YSSNVZAVCNFSM6AAAAABC7NJON2VHI2DSMVQWIX3LMV43ASLTON2WKOZSGEZDINZUGYZTEMY> . You are receiving this because you are subscribed to this thread. <https://github.com/notifications/beacon/ABVULYLUI5UH5BTTN5OSVELYSSNVZA5CNFSM6AAAAABC7NJON2WGG33NNVSW45C7OR4XAZNFJFZXG5LFVJRW63LNMVXHIX3JMTHH5JIOKM.gif> Message ID: ***@***.***>

[anggras]

Hi @ChrisPates,

I renamed the binary to bootstrap, compressed to zip and uploaded it to a Lambda function.

Anggra

[ChrisPates]

Apologies for the delay, I have reproduced the behavior in my test environment. Having reviewed the code it may well apply to all secrets, I'm going to perform further testing and the look at implementing a fix.

[anggras]

No worries @ChrisPates , just created a PR with what I did for my internal use

[ChrisPates]

Thank you for sharing on closer inspection actually there is a broader issue with the Lambda Env Vars being ignored. I have a build I'm testing currently but it should address your original issue and some previously unidentified ones.