localstack / localstack

💻 A fully functional local AWS cloud stack. Develop and test your cloud & Serverless apps offline
https://localstack.cloud

feature request: Support AWS Parameters and Secrets Lambda Extension #10349

Open jdkpdxjdk opened 8 months ago

jdkpdxjdk commented 8 months ago

When implementing a Lambda that uses the AWS Parameters and Secrets Lambda Extension, secrets or parameters are fetched from SecretsManager by making a request to localhost from within the Lambda.

The extension is provided to the Lambda via a Lambda layer released by AWS. Currently, when executing the requests.get() from within a Localstack Lambda, the Lambda container attempts to connect to the actual AWS endpoint (assuming it's redirected by some type of webservice within the layer itself) which fails due to a certificate validation exception:

[AWS Parameters and Secrets Lambda Extension] 2024/02/23 20:43:52 
ERROR GetSecretValue request encountered an error: operation error Secrets Manager: GetSecretValue, 
exceeded maximum number of attempts, 3, 
https response error StatusCode: 0, RequestID: , request send failed, 
Post "https://secretsmanager.us-west-2.amazonaws.com/": 
tls: failed to verify certificate: x509: certificate is valid for... <localstack cert domains>

As a workaround, I was hoping I could provide a local webservice that could listen over the default 2773 port and fetch the secrets from Localstack using awslocal commands on the container host, but I've been unable to figure out how to redirect traffic to http://localhost:2773 from within the public.ecr.aws/lambda/python:3.9 Lambda container to the container host.

Built-in support for AWS Parameters and Secrets Lambda Extension would be great, but advice on a workaround would also be greatly appreciated.

Thank you!
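
Added example, not part of the original post and not LocalStack or AWS code: a loopback-only stand-in for the extension's secrets endpoint (GET /secretsmanager/get?secretId=... with the X-Aws-Parameters-Secrets-Token header) that reads from LocalStack over an explicit endpoint URL, so certificate verification never has to be turned off. The function names, the error status codes and the idea of running it inside the function's own process for local tests are assumptions of this sketch.

```python
import hmac, json
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import parse_qs, urlparse

TOKEN_HEADER = "X-Aws-Parameters-Secrets-Token"  # header the AWS extension expects

def make_server(fetch_secret, token, port=2773):
    """Serve GET /secretsmanager/get?secretId=... on loopback only.
    fetch_secret(secret_id) returns a dict or raises KeyError (hypothetical callback)."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            url = urlparse(self.path)
            secret_id = parse_qs(url.query).get("secretId", [""])[0]
            supplied = self.headers.get(TOKEN_HEADER, "")
            # Constant-time token check; status codes are this example's choice.
            if not hmac.compare_digest(supplied.encode(), token.encode()):
                return self.reply(401, {"message": "invalid token"})
            if url.path != "/secretsmanager/get" or not secret_id:
                return self.reply(400, {"message": "bad request"})
            try:
                self.reply(200, fetch_secret(secret_id))
            except KeyError:
                self.reply(404, {"message": "secret not found"})

        def reply(self, status, payload):
            data = json.dumps(payload).encode()
            self.send_response(status)
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(data)))
            self.end_headers()
            self.wfile.write(data)

        def log_message(self, *args):  # keep secret ids out of the function log
            pass
    return ThreadingHTTPServer(("127.0.0.1", port), Handler)

def localstack_fetcher(endpoint_url, region="us-east-1"):
    """Fetch from LocalStack Secrets Manager at an assumed endpoint URL (needs boto3)."""
    import boto3  # imported lazily so the server itself has no dependencies
    client = boto3.client("secretsmanager", endpoint_url=endpoint_url, region_name=region)
    def fetch(secret_id):
        try:
            found = client.get_secret_value(SecretId=secret_id)
        except client.exceptions.ResourceNotFoundException:
            raise KeyError(secret_id) from None
        return {"Name": found["Name"], "SecretString": found.get("SecretString")}
    return fetch
```

For a local test, build the server with localstack_fetcher pointed at the LocalStack URL reachable from the Lambda container and run its serve_forever in a daemon thread before the handler makes its request; the handler code that calls localhost:2773 stays unchanged.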

localstack-bot commented 8 months ago

Welcome to LocalStack! Thanks for reporting your first issue. Our team will be working towards fixing the issue for you or will reach out for more background information. We recommend joining our Slack Community for real-time help and dropping a message to LocalStack Pro Support if you are a Pro user! If you are willing to contribute towards fixing this issue, please have a look at our contributing guidelines and our contributing guide.

dfangl commented 6 months ago

Hi @komarkovich! A short update: We have a potential solution thought out, and we plan to implement it, but I unfortunately cannot give you an ETA for this yet. Thanks for reporting this issue!

JDurstberger commented 3 months ago

Hey @dfangl,

Any chance you have an update for us?

savez commented 2 months ago

Hi, this issue is also important for me. Is there a solution?

Macoshark commented 3 weeks ago

Also waiting on a solution for this.