Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/amancevice/aws-env
Lambda runtime wrapper for exporting a SecretsManager JSON secret to the ENV
https://github.com/amancevice/aws-env
Last synced: 5 days ago
JSON representation
Lambda runtime wrapper for exporting a SecretsManager JSON secret to the ENV
- Host: GitHub
- URL: https://github.com/amancevice/aws-env
- Owner: amancevice
- License: mit
- Created: 2023-02-20T22:16:06.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2023-10-30T19:17:49.000Z (about 1 year ago)
- Last Synced: 2024-10-31T00:22:57.372Z (about 2 months ago)
- Language: Go
- Size: 31.3 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# AWS ENV
Lambda runtime wrapper for exporting SystemsManager ParameterStore params & SecretsManager JSON secrets to the ENV
## Purpose
Instead of storing sensitive ENV variables in your Lambda function configuration, you might use ParameterStore or SecretsManager to keep sensitive values. You can use this tool to load those resources into the ENV through a Lambda [runtime wrapper](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-modify.html#runtime-wrapper) script.
## Usage
Download the latest version of the `aws-env` binary from the [releases](https://github.com/amancevice/aws-env/releases) page.
Or, build it yourself with `make build`.
Include the binary in your lambda package or create a layer from the binary.
Export the ENV variable `AWS_LAMBDA_EXEC_WRAPPER` with your desired invocation using an absolute path to the binary.
> Note that if you include the binary in a Lambda layer the path will be `/opt/aws-env`, otherwise it will be found under `/var/task` wherever in your package you have included it (eg, `bin/aws-env`).
## Configuration
You can use a the ENV variable `AWS_ENV_EXPORTS` and/or a YAML configuration file to export the desired resources to ENV.
### ENV variable
Set the variable `AWS_ENV_EXPORTS` as a comma-delimited list of resources to export.
A resource should formatted like a URI, using the scheme for the service where the resource lives.
Examples:
- `secretsmanager://my-secret/`
- `secretsmanager://my-other-secret/`
- `ssm://my/path/`
- `ssm://my/other/path/`Example ENV var:
```bash
AWS_ENV_EXPORTS=secretsmanager://my-secret/,ssm://my/path/
```> Note that `ssm://` resources _must_ end with a trailing `/`
### Config File
You can include a config file named `.aws` in your lambda package that contains the parameters/secrets you wish to export.
By default this file is expected to be found at `/var/task/.aws`, but this can be overridden using the ENV variable `AWS_ENV_CONFIG`, eg `AWS_ENV_CONFIG=/var/task/.config/aws`
Example Config:
```yaml
---
exports:
- secretsmanager: my-secret
- secretsmanager: my-other-secret
- ssm: /my/path/
- ssm: /my/other/path/
```