Middy is not getting a secret from Secret Manager in a NodeJS AWS Lambda

I am using Middy for getting secrets from Secret Manager in a NodeJS AWS Lambda. I did create a role for the Lambda to gain access to the parameter path, but for some unknown reason the value is not being set in either the context object or the environment variables.

The value of process.env.SSM_PATH is LAMBDA.

This is the code that I am using.

'use strict';

const middy = require('middy');
const { ssm } = require('middy/middlewares');


const handler = async (event, context) => {
    console.log(context);
    console.log(process.env)
    console.log(event);
};

exports.handler = middy(handler).use(ssm({
    setToContext: true,
    paths: {
        'PARAMETER': `/${process.env.SSM_PATH}/PARAMETER`
    }
}));

This is a portion of the policy in IAM for the Lambda.

{
    "permissionsBoundary": {},
    "roleName": "monitor_lambda_role",
    "policies": [
        {
            "document": {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Sid": "",
                        "Effect": "Allow",
                        "Action": "sqs:sendMessage",
                        "Resource": "arn:aws:sqs:us-east-1::signed-resources-sqs"
                    },
                    {
                        "Sid": "",
                        "Effect": "Allow",
                        "Action": "ssm:GetParametersByPath",
                        "Resource": "arn:aws:ssm:us-east-1::parameter/LAMBDA/*"
                    },
                    {
                        "Sid": "",
                        "Effect": "Allow",
                        "Action": "kms:Decrypt",
                        "Resource": "arn:aws:ssm:us-east-1::alias/aws/ssm"
                    }
                ]
            },
            "name": "InlinePolicy",
            "arn": "arn:aws:iam:::policy/InlinePolicy"
        }
    ]
}

Could it be that, because the lambda runs in an async way, it doesn't wait for the ssm middleware to get the secrets?

I solved my problem.

There are two options for specifying the secrets that you want to read:

paths (object) (optional*): Map of SSM paths to fetch parameters from, where the key is the prefix for the destination name, and value is the SSM path. Example: {paths: {DB_: '/dev/service/db'}}

names (object) (optional*): Map of parameters to fetch from SSM, where the key is the destination, and value is param name in SSM. Example: {names: {DB_URL: '/dev/service/db_url'}}

In my particular case, I should use the names option.
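
The following is an added example, not code from the original post or from Middy. It models the two options against a constructed in-memory parameter store to show why `paths` with a full parameter name resolves nothing while `names` does, and which IAM action each option relies on. `STORE`, `resolveOptions` and the destination naming rule are assumptions made for illustration.

```javascript
// Constructed sample store: one parameter stored at exactly /LAMBDA/PARAMETER.
const STORE = { '/LAMBDA/PARAMETER': 'example-secret-value' };

// Model of GetParametersByPath: returns only parameters *below* the given
// hierarchy path, never a parameter whose full name equals the path.
function getParametersByPath(store, path) {
  const prefix = path.endsWith('/') ? path : `${path}/`;
  return Object.keys(store)
    .filter((name) => name.startsWith(prefix))
    .map((name) => ({ Name: name, Value: store[name] }));
}

// Model of GetParameters: exact-name lookup.
function getParameters(store, names) {
  return names
    .filter((name) => Object.prototype.hasOwnProperty.call(store, name))
    .map((name) => ({ Name: name, Value: store[name] }));
}

// Hypothetical resolver mirroring the documented option semantics.
// Returns the resolved values plus the IAM actions the options would need.
function resolveOptions(store, { paths = {}, names = {} } = {}) {
  const values = {};
  const iamActions = new Set();
  for (const [destPrefix, path] of Object.entries(paths)) {
    iamActions.add('ssm:GetParametersByPath');
    for (const p of getParametersByPath(store, path)) {
      // Simplified naming (assumption): prefix + name relative to the path.
      const rel = p.Name.slice(path.length).replace(/^\//, '').replace(/\//g, '_');
      values[destPrefix + rel] = p.Value;
    }
  }
  const wanted = Object.entries(names);
  if (wanted.length > 0) {
    iamActions.add('ssm:GetParameters');
    const found = getParameters(store, wanted.map(([, name]) => name));
    for (const [dest, name] of wanted) {
      const hit = found.find((p) => p.Name === name);
      if (hit) values[dest] = hit.Value;
    }
  }
  return { values, iamActions: [...iamActions].sort() };
}

// Question's configuration: the path is treated as a prefix, nothing matches.
console.log(resolveOptions(STORE, { paths: { PARAMETER: '/LAMBDA/PARAMETER' } }));
// Answer's configuration: exact name, value is found under the chosen key.
console.log(resolveOptions(STORE, { names: { PARAMETER: '/LAMBDA/PARAMETER' } }));
```

Because `names` maps to the SSM GetParameters API, the Lambda role needs `ssm:GetParameters` on the specific parameter; the policy shown in the question grants only `ssm:GetParametersByPath`.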
