awslabs / aws-solutions-constructs

The AWS Solutions Constructs Library is an open-source extension of the AWS Cloud Development Kit (AWS CDK) that provides multi-service, well-architected patterns for quickly defining solutions
https://docs.aws.amazon.com/solutions/latest/constructs/
Apache License 2.0

AWS Lambda with environment variables injected from SecretsManager #1072

Open THOUSAND-SKY opened 9 months ago

THOUSAND-SKY commented 9 months ago

I'm looking for a construct that sets up a lambda function with secrets before the lambda gets invoked.

Something a la https://github.com/aws-samples/aws-lambda-environmental-variables-from-aws-secrets-manager

Use Case

In Node.js, it's a hassle to move variables into secrets when you can only load secrets async. Top-level await isn't straightforward either, because web frameworks may bundle the server files into a single file and I don't have full control over which file appears first.

Proposed Solution

I'd like my secrets to be injected as env vars when the Lambda is invoked. Preferably they'd only get loaded from SecretsManager on cold starts, and cached. It'd use a Lambda layer as described in https://github.com/aws-samples/aws-lambda-environmental-variables-from-aws-secrets-manager

This is a :rocket: Feature Request
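The cold-start loading and caching asked for above can be sketched in application code as follows. This is an added example, not part of the issue, the linked sample, or the Solutions Constructs library; `createSecretEnvLoader`, `withSecrets`, `fetchSecret` and the secret name are hypothetical, and Secrets Manager is replaced by a constructed in-memory stub so the block runs offline.

```javascript
// Added example. fetchSecret is a hypothetical async function (secretId) => string;
// in a real function it would wrap a Secrets Manager GetSecretValue call.
function createSecretEnvLoader(fetchSecret, mapping, env = process.env) {
  let inflight = null; // closure state lives as long as the execution environment
  return function load() {
    if (inflight === null) {
      // One shared promise: concurrent and later invocations reuse it.
      inflight = Promise.all(
        Object.entries(mapping).map(async ([envName, secretId]) => {
          env[envName] = await fetchSecret(secretId);
        })
      ).catch((err) => {
        inflight = null; // do not cache a failure: the next invocation retries
        throw err;
      });
    }
    return inflight;
  };
}

// Wrap a handler so it only runs once the secrets are present in env.
function withSecrets(handler, load) {
  return async (event, context) => {
    await load();
    return handler(event, context);
  };
}

// Constructed stand-in for Secrets Manager (sample data, not real secrets).
const fetchLog = [];
const constructedStore = { "example/db-password": "constructed-value-1" };
async function fakeFetchSecret(secretId) {
  fetchLog.push(secretId);
  if (!(secretId in constructedStore)) throw new Error(`no such secret: ${secretId}`);
  return constructedStore[secretId];
}

const demoEnv = {}; // separate object so the demo does not touch process.env
const loadSecrets = createSecretEnvLoader(
  fakeFetchSecret, { DB_PASSWORD: "example/db-password" }, demoEnv);
// The handler reports only whether the value is present, never the value itself.
const handler = withSecrets(
  async () => ({ hasPassword: typeof demoEnv.DB_PASSWORD === "string" }), loadSecrets);

async function demo() {
  const results = await Promise.all([handler({}), handler({}), handler({})]);
  return { results, fetches: fetchLog.length };
}
demo().then((out) => console.log(out));
```

With a real client behind `fetchSecret`, the function's execution role needs `secretsmanager:GetSecretValue` on only the secrets named in the mapping.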

biffgaut commented 9 months ago

Our current philosophy is to restrict the library to Infrastructure as Code, and not deploy code that operates within a client's application (e.g., we provide no Lambda functions outside of Custom Resources that configure infrastructure during launch). But we will add this idea to our backlog if this changes in the future.