seangreathouse
commented
7 years ago Hey Nathan,
Your Lambda function should run in an IAM role that includes permissions to read the config from S3. If that is set correctly the config is secure.
See: Edit the file, and replace the instances of ‘MY_ZONE_ID’ and ‘MY_BUCKETNAME’ with your own information. { "Effect": "Allow", "Action": [ "s3:Get", "s3:List_" ], "Resource": "arn:aws:s3:::MY_BUCKET_NAME/*" }]
Following through the steps, I may have missed something, but when I ran the client script at the end, I was getting "There was an issue finding or reading the S3 config file." I made the JSON config public, and that corrected the problem, but I am betting that's not the correct action, since that makes the secret publicly available. Is there a step I missed?