The scripts in this repository bundle the PSQL Secret Rotation Lambda by Amazon with the required shared libraries.
Seems simple enough, but it took me some time to figure out
- That the Lambda kept crashing on start because some shared libraries must be bundled with the Python code
- Exactly which libraries must be bundled
- The correct way to obtain these libraries for bundling
This bundler documents these findings and enables fully automated PSQL secret rotation management, for example through Terraform.
- Python 3.7+ on the builder machine
- Same Python version on the Lambda AMI as used on the builder machine
```shell
make clean build
```
To illustrate a useful purpose of the bundler, I have included a simple usage example for Terraform.
Amazon Secrets Manager allows you to automatically rotate your secrets on a scheduled interval by assigning them a rotation Lambda. There are a few examples built by Amazon readily available from the AWS Console, among them a PSQL Secret Rotation Lambda. So far so good, as this Lambda works just fine as-is.
However, if you are anything like me, you want full control of what is deployed to your infrastructure and that means you want to decide exactly which version of each module is installed. You also want to do this automated through Terraform instead of manually clicking through the AWS Console.
When you simply upload the PSQL Rotation Lambda script from Amazon though, CloudWatch will output the error below.
```
Unable to import module 'lambda_function': libpq.so.5: cannot open shared object file: No such file or directory
```
That is because the script depends on PyGreSQL - "a Python module [that] wraps the lower level C API library libpq to allow easy use of the powerful PostgreSQL features from Python" - which is not available on the Python Lambda AMIs. So you need to bundle it with your Lambda, and that's where the code in this repository comes in.
It obtains the binaries that match the current Python version and CPU architecture by installing the PyGreSQL and psycopg2-binary packages through pip. These are then bundled into a zip archive, together with the latest version of the Amazon PSQL Secret Rotation Lambda, which is retrieved from the master branch of their repository.
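As an added example (not part of this repository's scripts), the check below inspects a built archive before it is uploaded: it verifies that `lambda_function.py` and a `libpq` shared object are present and that every compiled extension was built for the Python version and CPU architecture of the target Lambda runtime, which is the mismatch behind the import error above. It assumes the archive layout pip produces (`lambda_function.py` at the root, `libpq-<hash>.so.5.x` under `psycopg2_binary.libs/`); `make_sample_bundle` only writes a constructed placeholder archive so the check can be exercised offline.

```python
import os
import re
import sys
import tempfile
import zipfile

# Filename tag of a CPython extension as pip installs it on glibc Linux (the Lambda
# image is glibc based), e.g. _pg.cpython-37m-x86_64-linux-gnu.so; 3.7 still carries
# the "m" ABI flag, later versions do not.
_EXT_RE = re.compile(r"\.cpython-(\d)(\d+)[a-z]*-([a-z0-9_]+)-linux-gnu\.so$")

def bundle_problems(zip_path, target=None, arch="x86_64"):
    """Return the problems found in the bundle; an empty list means it looks deployable."""
    # Default target: the interpreter running this check, matching the prerequisite
    # that the builder machine and the Lambda runtime use the same Python version.
    if target is None:
        target = f"{sys.version_info.major}.{sys.version_info.minor}"
    problems = []
    with zipfile.ZipFile(zip_path) as zf:
        names = zf.namelist()
    if "lambda_function.py" not in names:
        problems.append("lambda_function.py is not at the archive root")
    # Assumption: libpq ends up as libpq*.so* somewhere inside the archive
    # (psycopg2-binary mangles it to psycopg2_binary.libs/libpq-<hash>.so.5.<n>).
    if not any(os.path.basename(n).startswith("libpq") and ".so" in n for n in names):
        problems.append("libpq.so.5 is missing; the Lambda would fail on import")
    for n in names:
        m = _EXT_RE.search(n)
        if m is None:
            continue
        built_for = f"{m.group(1)}.{m.group(2)}"
        if built_for != target or m.group(3) != arch:
            problems.append(f"{n}: built for CPython {built_for}/{m.group(3)}, "
                            f"target is {target}/{arch}")
    return problems

def make_sample_bundle(python_version="3.7", arch="x86_64", include_libpq=True):
    """Write a constructed bundle (empty placeholder entries) in the layout the build
    produces and return its path; only useful for exercising bundle_problems()."""
    major, minor = python_version.split(".")
    abi = f"cpython-{major}{minor}" + ("m" if python_version == "3.7" else "")
    path = os.path.join(tempfile.mkdtemp(), "rotation-lambda.zip")
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("lambda_function.py", "# stand-in for Amazon's rotation handler\n")
        zf.writestr(f"_pg.{abi}-{arch}-linux-gnu.so", b"")                # PyGreSQL
        zf.writestr(f"psycopg2/_psycopg.{abi}-{arch}-linux-gnu.so", b"")  # psycopg2-binary
        if include_libpq:
            zf.writestr("psycopg2_binary.libs/libpq-0123abcd.so.5.12", b"")
    return path
```

Run `bundle_problems()` against the archive `make clean build` produces on the builder machine; a non-empty result means the upload would hit the import error above.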
Some applications of this bundler include
- Pinning specific versions of the PSQL Secret Rotation Lambda to your infrastructure
- Adapting the code to your needs, e.g. to use your own password generator - that is probably a bad idea, don't do that :)
AWS Secrets Manager PSQL Rotation Lambda by 0xSeb.
Alters the original code by Amazon and bundles psycopg2.
See the contributing guide to learn how to contribute to the repository and the development workflow.
Contributor Code of Conduct. By participating in this project you agree to abide by its terms.
MPL-2.0