Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/neilkuan/cdk-secret-manager-wrapper-layer
A Lambda layer that uses a wrapper script to fetch information from Secrets Manager and create environment variables.
- Host: GitHub
- URL: https://github.com/neilkuan/cdk-secret-manager-wrapper-layer
- Owner: neilkuan
- License: apache-2.0
- Created: 2022-07-28T10:30:19.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-05-23T00:26:39.000Z (7 months ago)
- Last Synced: 2024-05-23T03:41:35.681Z (7 months ago)
- Topics: aws, aws-cdk
- Language: Go
- Homepage:
- Size: 4.29 MB
- Stars: 4
- Watchers: 2
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
README
# `cdk-secret-manager-wrapper-layer`
A Lambda layer that uses a wrapper script to fetch information from Secrets Manager and create environment variables.
> Idea from [source](https://github.com/aws-samples/aws-lambda-environmental-variables-from-aws-secrets-manager)

## Example
```ts
import { App, Stack, CfnOutput, Duration } from 'aws-cdk-lib';
import { Effect, PolicyStatement } from 'aws-cdk-lib/aws-iam';
import { Function, Runtime, Code, FunctionUrlAuthType } from 'aws-cdk-lib/aws-lambda';
import { CfnSecret } from 'aws-cdk-lib/aws-secretsmanager';
import { SecretManagerWrapperLayer } from 'cdk-secret-manager-wrapper-layer';

const env = {
  region: process.env.CDK_DEFAULT_REGION,
  account: process.env.CDK_DEFAULT_ACCOUNT,
};
const app = new App();
const stack = new Stack(app, 'testing-stack', { env });

/**
 * Create an example secret for testing.
 */
const secret = new CfnSecret(stack, 'Mysecret', {
  secretString: JSON.stringify({
    KEY1: 'VALUE1',
    KEY2: 'VALUE2',
    KEY3: 'VALUE3',
  }),
});

const layer = new SecretManagerWrapperLayer(stack, 'SecretManagerWrapperLayer');

const lambda = new Function(stack, 'fn', {
  runtime: Runtime.PYTHON_3_9,
  // The handler reads the keys of the secret back from its environment.
  code: Code.fromInline(`
import os
def handler(events, contexts):
    env = {}
    env['KEY1'] = os.environ.get('KEY1', 'Not Found')
    env['KEY2'] = os.environ.get('KEY2', 'Not Found')
    env['KEY3'] = os.environ.get('KEY3', 'Not Found')
    return env
`),
  handler: 'index.handler',
  layers: [layer],
  timeout: Duration.minutes(1),
  /**
   * You need to define these 4 environment variables.
   */
  environment: {
    AWS_LAMBDA_EXEC_WRAPPER: '/opt/get-secrets-layer',
    SECRET_REGION: stack.region,
    SECRET_ARN: secret.ref,
    API_TIMEOUT: '5000',
  },
});

/**
 * Allow the Lambda function to get the secret value from Secrets Manager.
 */
lambda.role!.addToPrincipalPolicy(
  new PolicyStatement({
    effect: Effect.ALLOW,
    actions: ['secretsmanager:GetSecretValue'],
    // You can also look up the ARN from context.
    resources: [secret.ref],
  }),
);

/**
 * For testing only: FunctionUrlAuthType.NONE means the URL requires no
 * authentication, and this handler returns the secret values in its response.
 */
const FnUrl = lambda.addFunctionUrl({
  authType: FunctionUrlAuthType.NONE,
});

new CfnOutput(stack, 'FnUrl', {
  value: FnUrl.url,
});
```

## Testing
```bash
# ex: curl https://sdfghjklertyuioxcvbnmghj.lambda-url.us-east-1.on.aws/
curl ${FnUrl}
{"KEY2":"VALUE2","KEY1":"VALUE1","KEY3":"VALUE3"}
```