AWS Lambda：如何从配置中删除环境变量

Question

I have a lambda function that used to use encrypted environmental variables set in the lambda configuration but I no longer need them. I tried removing the env variable in the UI and it no longer shows up but still seeing in the logs:

"Found credentials in environment variables."

I also tried using the update-function-code command without passing an env variable which doesn't work.

Any way to remove the encrypted env variables from my lambda function configuration? I want to ensure unused/unneeded things are removed.

Thanks!

Answer 1

I believe it is a standard output from the inner workings of python lambdas that use boto. None of my python Lambdas have credentials and yet I have the same message in all logs of python lambdas.

Answer 2

The log message is coming from the "botocore" logger.

This will effectively suppress that message and others from boto3 :

logging.getLogger("boto3").setLevel(logging.WARNING)
logging.getLogger("botocore").setLevel(logging.WARNING)

Answer 3

I know it's a little late to this, but here is my understanding.

The statement "Found credentials in environment variables." does not have anything to do with the environment variables you configured. Apparently, Lambda has a set of reserved environment variables and when your code tries to connect to other AWS services (like S3, SNS etc), Lambda tries to read the credentials from reserved environment variables to make a connection to the other service and in the process logs the statement about where it found the credentials to "stdout"

According to this article , when you have a logger configured with INFO level, then all the.info() statements by your code and the AWS SDK will be logged to "stdout" and thereby ending up in CloudWatch logs. Try setting the logger level to WARNING and observe the logs.