projecthorus / sondehub-infra

GNU General Public License v3.0
26 stars, 4 forks

Improve secrets management #125

Closed TheSkorm closed 10 months ago

TheSkorm commented 10 months ago

Several functions need secrets from env variables to access MQTT servers. The way this is handled is poor. Likewise, the mosquitto MQTT servers currently pull their configs from S3. We should be able to improve this by using Secrets Manager.

TheSkorm commented 10 months ago

For Lambda functions we can use the Secrets Manager Lambda layer - https://docs.aws.amazon.com/systems-manager/latest/userguide/ps-integration-lambda-extensions.html#ps-integration-lambda-extensions-add. This provides a local web service that can be accessed to retrieve the secrets per Lambda execution.
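
The retrieval pattern described above, as an added example that is not part of the issue or of the project's own config_handler module. It assumes the AWS Parameters and Secrets Lambda Extension layer is attached: the extension listens on localhost (port from PARAMETERS_SECRETS_EXTENSION_HTTP_PORT, default 2773), serves GET /secretsmanager/get?secretId=..., and rejects any request that does not carry the function's AWS_SESSION_TOKEN in the X-Aws-Parameters-Secrets-Token header. The secret name, token value and credentials below are constructed sample data, and the fake extension stands in for the real local endpoint so the example runs offline.

```python
"""Fetch secrets via the Parameters and Secrets Lambda Extension's local endpoint.

Added example, not the project's code. The HTTP transport is injectable so the
same client runs against the real extension in Lambda or a fake in tests.
"""
import json
import os
import urllib.parse
import urllib.request
from typing import Callable, Dict, List, Optional, Tuple

# (url, headers) -> raw response body
Transport = Callable[[str, Dict[str, str]], bytes]


def urllib_transport(url: str, headers: Dict[str, str]) -> bytes:
    """Real transport: talks to the extension on localhost inside Lambda."""
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=2) as resp:
        return resp.read()


class SecretsClient:
    """Caches each secret for the lifetime of the execution environment so a
    warm Lambda does not re-hit the extension on every invocation."""

    def __init__(self, transport: Transport = urllib_transport,
                 env: Optional[Dict[str, str]] = None) -> None:
        self._transport = transport
        self._env = dict(os.environ) if env is None else env
        self._cache: Dict[str, str] = {}

    def _endpoint(self, secret_id: str) -> str:
        port = self._env.get("PARAMETERS_SECRETS_EXTENSION_HTTP_PORT", "2773")
        query = urllib.parse.urlencode({"secretId": secret_id})
        return f"http://localhost:{port}/secretsmanager/get?{query}"

    def get_secret(self, secret_id: str) -> str:
        if secret_id in self._cache:
            return self._cache[secret_id]
        # The extension authenticates callers with the function's session token;
        # without it the request is refused, so fail early with a clear message.
        token = self._env.get("AWS_SESSION_TOKEN")
        if not token:
            raise RuntimeError("AWS_SESSION_TOKEN is not set; is this running in Lambda?")
        body = self._transport(self._endpoint(secret_id),
                               {"X-Aws-Parameters-Secrets-Token": token})
        payload = json.loads(body)  # same shape as the GetSecretValue API response
        if "SecretString" not in payload:
            raise RuntimeError(f"secret {secret_id!r} has no SecretString")
        self._cache[secret_id] = payload["SecretString"]
        return self._cache[secret_id]

    def get_json_secret(self, secret_id: str) -> Dict[str, str]:
        """For secrets stored as JSON key/value pairs, e.g. MQTT credentials."""
        return json.loads(self.get_secret(secret_id))


def fake_extension(store: Dict[str, str], expected_token: str) -> Tuple[Transport, List[str]]:
    """Constructed stand-in for the extension's local endpoint (test use only).
    Returns the transport and a list that records every URL requested."""
    calls: List[str] = []

    def transport(url: str, headers: Dict[str, str]) -> bytes:
        if headers.get("X-Aws-Parameters-Secrets-Token") != expected_token:
            raise PermissionError("extension rejected request: bad or missing token")
        calls.append(url)
        secret_id = urllib.parse.parse_qs(urllib.parse.urlparse(url).query)["secretId"][0]
        if secret_id not in store:
            raise KeyError(f"ResourceNotFoundException: {secret_id}")
        return json.dumps({"Name": secret_id, "SecretString": store[secret_id]}).encode()

    return transport, calls


def demo() -> Dict[str, object]:
    """Constructed scenario: one MQTT credential secret read twice, fetched once."""
    store = {"sondehub/mqtt/bridge": json.dumps({"user": "bridge", "password": "s3cret-pass"})}
    transport, calls = fake_extension(store, expected_token="constructed-session-token")
    env = {"AWS_SESSION_TOKEN": "constructed-session-token",
           "PARAMETERS_SECRETS_EXTENSION_HTTP_PORT": "2773"}
    client = SecretsClient(transport=transport, env=env)
    creds = client.get_json_secret("sondehub/mqtt/bridge")
    client.get_json_secret("sondehub/mqtt/bridge")  # second read is served from cache
    return {"user": creds["user"], "password": creds["password"],
            "http_calls": len(calls), "url": calls[0]}


if __name__ == "__main__":
    print(demo())
```

The cache lives on the client object, so it persists across invocations of a warm execution environment but not across cold starts; a rotated secret is therefore picked up at the next cold start, or sooner if the cache is given a TTL.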

TheSkorm commented 10 months ago

For Fargate the solution is probably to use ValueFrom in the task def, then run a shell script to turn the environment variables into the respective config file. With envsubst, that could be an easy win.
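
The env-to-config step described above, as an added example that is not the project's entrypoint script. It is a Python equivalent of the envsubst step rather than a shell script, so that it carries one check envsubst itself does not do: envsubst replaces an unset variable with an empty string, which for a bridge password would silently produce a config with an empty credential, so this version fails closed when any referenced variable is unset or empty. The mosquitto template, variable names and values are constructed sample data; in the real task the values would arrive through `valueFrom` entries in the task definition's `secrets` list.

```python
"""Render a config file from environment variables with ${VAR}/$VAR placeholders.

Added example, not the project's code. Mirrors envsubst's substitution but
refuses to write a file when a referenced variable is missing or empty.
"""
import os
import re
from typing import Dict, List

# Same placeholder forms envsubst expands: ${NAME} and $NAME.
_PLACEHOLDER = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}|\$([A-Za-z_][A-Za-z0-9_]*)")


def find_placeholders(template: str) -> List[str]:
    """Names referenced in the template, in order of first appearance."""
    seen: List[str] = []
    for m in _PLACEHOLDER.finditer(template):
        name = m.group(1) or m.group(2)
        if name not in seen:
            seen.append(name)
    return seen


def render_config(template: str, env: Dict[str, str]) -> str:
    """Substitute placeholders; raise KeyError listing unset/empty variables."""
    missing = sorted(name for name in find_placeholders(template) if not env.get(name))
    if missing:
        raise KeyError(f"unset or empty variables: {', '.join(missing)}")
    return _PLACEHOLDER.sub(lambda m: env[m.group(1) or m.group(2)], template)


def write_config(path: str, rendered: str) -> None:
    """Write with mode 0600 so the credential-bearing file is not world-readable."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(rendered)


# Constructed mosquitto bridge config template (not the project's real config).
MOSQUITTO_TEMPLATE = """listener 8883
certfile /mosquitto/certs/server.crt
keyfile /mosquitto/certs/server.key

connection upstream
address ${MQTT_UPSTREAM_HOST}:8883
remote_username $MQTT_BRIDGE_USER
remote_password ${MQTT_BRIDGE_PASSWORD}
"""


def demo() -> str:
    """Render the template from a constructed environment (values a task would
    receive via valueFrom) and return the config text."""
    env = {
        "MQTT_UPSTREAM_HOST": "mqtt.example.invalid",
        "MQTT_BRIDGE_USER": "bridge",
        "MQTT_BRIDGE_PASSWORD": "s3cret-pass",
    }
    return render_config(MOSQUITTO_TEMPLATE, env)


if __name__ == "__main__":
    # In the container entrypoint this would use os.environ and then exec mosquitto.
    print(demo())
```

Running this in the container entrypoint before `exec mosquitto -c /mosquitto/config/mosquitto.conf` means a task whose secret injection failed exits with a clear error instead of starting a broker with an empty remote password.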

TheSkorm commented 10 months ago

Lambda functions have been updated. This involved adding a VPC endpoint for Secrets Manager and creating a config_handler helper module. The Terraform AWS provider was also upgraded to 5.x.