{"id":19373743,"url":"https://github.com/waelson/serverless-ssm-kms","last_synced_at":"2026-05-16T06:37:22.248Z","repository":{"id":120617138,"uuid":"364893043","full_name":"Waelson/Serverless-SSM-KMS","owner":"Waelson","description":"This project demonstrate how to use AWS System Manager and KMS with Lambda application.","archived":false,"fork":false,"pushed_at":"2022-05-21T22:12:42.000Z","size":20,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-01-07T02:04:50.750Z","etag":null,"topics":["aws","lambda","serverless-framework"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Waelson.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-05-06T11:54:08.000Z","updated_at":"2022-05-21T22:12:44.000Z","dependencies_parsed_at":null,"dependency_job_id":"b2d307a0-de71-4ce7-8c15-a171902cf879","html_url":"https://github.com/Waelson/Serverless-SSM-KMS","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Waelson%2FServerless-SSM-KMS","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Waelson%2FServerless-SSM-KMS/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Waelson%2FServerless-SSM-KMS/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Waelson%2FServerless-SSM-KMS/manifests","owner_url":"https://repos.e
cosyste.ms/api/v1/hosts/GitHub/owners/Waelson","download_url":"https://codeload.github.com/Waelson/Serverless-SSM-KMS/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240501242,"owners_count":19811574,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","lambda","serverless-framework"],"created_at":"2024-11-10T08:31:25.958Z","updated_at":"2026-05-16T06:37:17.229Z","avatar_url":"https://github.com/Waelson.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"## Description\nThis project demonstrates how you can use AWS Systems Manager and KMS with a Lambda application.\n\n---\n\n\n### Prerequisites\n- You must have an AWS account\n- You must have the Serverless Framework installed\n- You must have IAM permission to read and write SSM parameters (see the policy.json file in the repository)\n\n\n## Steps\n### 1 - Creating KMS Key\nCommand:\n```bash\naws kms create-key --description kms-poc-test\n```\nOutput:\n```json\n{\n    \"KeyMetadata\": {\n        \"AWSAccountId\": \"\u003cAccount ID\u003e\",\n        \"KeyId\": \"xxxxxxx-8be9-448a-b2aa-xxxxxxxxxx\",\n        \"Arn\": \"arn:aws:kms:us-east-1:\u003cAccount ID\u003e:key/xxxxxxx-8be9-448a-b2aa-xxxxxxxxxx\",\n        \"CreationDate\": 1620302223.000,\n        \"Enabled\": true,\n        \"Description\": \"kms-poc-test\",\n        \"KeyUsage\": \"ENCRYPT_DECRYPT\",\n        \"KeyState\": \"Enabled\",\n        \"Origin\": \"AWS_KMS\",\n        \"KeyManager\": \"CUSTOMER\",\n        \"CustomerMasterKeySpec\": \"SYMMETRIC_DEFAULT\",\n        
\"EncryptionAlgorithms\": [\n            \"SYMMETRIC_DEFAULT\"\n        ]\n    }\n}\n```\nThe KeyId and Arn attributes will be used in the next steps. You will need them to encrypt the parameter and to configure serverless.yml.\n\n### 2 - Storing parameters\nStoring a parameter as a plain-text value:\n```bash\naws ssm put-parameter --name PLAIN_VALUE --value 123456 --type String\n```\nStoring an encrypted parameter:\n```bash\naws ssm put-parameter --name SECRET_VALUE --value 123456 --type SecureString  --key-id \u003cKeyId\u003e\n```\n### 3 - Creating project\n```bash\nsls create --template aws-nodejs --name \u003cPROJECT-NAME\u003e\n```\n### 4 - Setting serverless.yml\n```yml\n...\ncustom:\n  arnKmsKey: \u003cArn\u003e # ARN value generated in the first step\n  settings:\n    SECRET_VALUE: ${ssm:SECRET_VALUE} # no ~true: the SecureString value is passed through still encrypted\n    PLAIN_SECRET_VALUE: ${ssm:SECRET_VALUE~true} # ~true makes the Serverless Framework decrypt the parameter at deploy time, so the Lambda receives the plaintext value\n    PLAIN_VALUE: ${ssm:PLAIN_VALUE}\n...    \nprovider:\n  ...\n  environment: ${self:custom.settings}\n  iamRoleStatements:\n    - Effect: Allow\n      Action:\n        - kms:Decrypt\n        - kms:Encrypt\n      Resource:\n        - ${self:custom.arnKmsKey}  \n    # Wildcard grants unrelated to the SSM/KMS flow shown here; scope down or remove\n    - Effect: Allow\n      Action:\n        - states:*\n        - secretsmanager:*        \n      Resource: '*'  \nfunctions:\n  hello:\n    handler: handler.hello\n    kmsKeyArn: ${self:custom.arnKmsKey}       \n...\n```  \n### 5 - Getting parameters\n```javascript\n  const secretValue      = process.env.SECRET_VALUE\n  const plainSecretValue = process.env.PLAIN_SECRET_VALUE\n  const plainValue       = process.env.PLAIN_VALUE  \n```\n\n### 6 - Deploying project\n```bash\nsls deploy -v\n```\n\n## Notice\nAll parameters defined in the ```custom \u003e settings``` section are injected as environment variables into the Lambda configuration. 
\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwaelson%2Fserverless-ssm-kms","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwaelson%2Fserverless-ssm-kms","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwaelson%2Fserverless-ssm-kms/lists"}