
How to use secret manager endpoint in lambda handler?

I want to write to RDS from Lambda. As they are both in different accounts, I created a peering connection between them and also created a secret endpoint to access it. I have a non-rotational secret manager endpoint, and I have a Lambda handler like:

LambdaHandler:
    Type: AWS::Serverless::Function
    Properties:
      Handler: 'com.handle.lambda.handler.LambdaHandler::handleInputFeed'
      Runtime: java8
      CodeUri:
        # Why are we using this instead of BATS::SAM::CodeS3Bucket
        Bucket: {'Fn::If' : ['UseBatsKey', 'BATS::SAM::CodeS3Bucket', {"Fn::ImportValue" : {Ref: 'DeploymentBucketImportName'}}]}
        Key: BATS::SAM::CodeS3Key
      Description: Example lambda that takes an x and y value and returns the result of adding them.
      Timeout: 20
      Role:
        Fn::GetAtt: [LambdaRole, Arn]
      VpcConfig:
        Fn::If:
        - RunLambdaInVPC
        - SecurityGroupIds: [{Ref: LambdaSecurityGroup}]
          SubnetIds:
          - {'Fn::ImportValue': PrivateSubnet01}
          - {'Fn::ImportValue': PrivateSubnet02}
        - {Ref: 'AWS::NoValue'}

How will the secret endpoint be used in this handler, and how can I refer to the tables via it? As I am new to this, any sample code or doc would be helpful. I was not able to find any.

You don't need to do anything [1], if the Lambda function is running inside the VPC with the endpoint accessible. Depending on the kind of endpoint (Interface or Gateway) there are some DNS tricks (Private Hosted Zones set up for you by AWS) employed by AWS to make this seem seamless.

Essentially the code doesn't need to know it's talking to a VPC endpoint; that's handled in the background. There are a couple of exceptions that have bitten me in the past - see the footnote. If it doesn't work, make sure the security groups of the endpoint allow connections from the Lambda functions on port 443.


[1]: The exception being IAM and other global services; here you should specify a regional endpoint when instantiating the client.
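The following handler is an added example, not code from the question or the answer above. It shows what the answer describes in practice: the Secrets Manager client is built as an ordinary regional client with no endpoint override, because with "private DNS" enabled on the interface endpoint the name secretsmanager.<region>.amazonaws.com already resolves to the endpoint's ENIs inside the VPC. The method name matches the template's handler string (LambdaHandler::handleInputFeed). Assumptions made here and not present in the original: the secret has the JSON shape the RDS console creates (username, password, host, port, dbname, engine), the secret name and target table arrive through the environment variables DB_SECRET_ID and DB_TABLE, the event is a flat map with "id" and "payload" keys, and the classpath carries aws-lambda-java-core, jackson-databind, the AWS SDK v2 secretsmanager and url-connection-client modules, and a JDBC driver for the engine. The function's role also needs secretsmanager:GetSecretValue on that secret (plus kms:Decrypt if it is encrypted with a customer-managed key).

```java
package com.handle.lambda.handler;

import com.amazonaws.services.lambda.runtime.Context;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import software.amazon.awssdk.core.client.config.ClientOverrideConfiguration;
import software.amazon.awssdk.http.urlconnection.UrlConnectionHttpClient;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;

import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.time.Duration;
import java.util.Map;

/** Handler referenced by the SAM template as LambdaHandler::handleInputFeed (example code). */
public class LambdaHandler {

    // Assumption: DB_SECRET_ID (name or ARN of the secret) and DB_TABLE are set as
    // environment variables on the function; AWS_REGION is provided by Lambda itself.
    private static final String SECRET_ID = System.getenv("DB_SECRET_ID");
    private static final String TABLE = System.getenv("DB_TABLE");

    // Plain regional client, built once per container. No endpointOverride(): inside the
    // VPC the interface endpoint's private hosted zone answers for the public hostname.
    // The short timeouts turn a security group that blocks port 443 into a fast, readable
    // error instead of a silent hang that eats the function's 20 s budget.
    private static final SecretsManagerClient SECRETS = SecretsManagerClient.builder()
            .region(Region.of(System.getenv("AWS_REGION")))
            .httpClientBuilder(UrlConnectionHttpClient.builder()
                    .connectionTimeout(Duration.ofSeconds(3)))
            .overrideConfiguration(ClientOverrideConfiguration.builder()
                    .apiCallTimeout(Duration.ofSeconds(5))
                    .build())
            .build();

    private static final ObjectMapper MAPPER = new ObjectMapper();

    // Cached across invocations of the same container: the secret does not rotate,
    // so one GetSecretValue call per cold start is enough.
    private static volatile DbCredentials creds;

    static final class DbCredentials {
        final String jdbcUrl, username, password;
        DbCredentials(String jdbcUrl, String username, String password) {
            this.jdbcUrl = jdbcUrl; this.username = username; this.password = password;
        }
    }

    /** Parses the JSON document an RDS-style secret stores and builds the JDBC URL from it. */
    static DbCredentials parseSecret(String secretJson) throws IOException {
        JsonNode s = MAPPER.readTree(secretJson);
        String engine = s.path("engine").asText("mysql");
        String jdbcUrl = String.format("jdbc:%s://%s:%d/%s",
                engine.startsWith("postgres") ? "postgresql" : engine,
                s.path("host").asText(), s.path("port").asInt(), s.path("dbname").asText());
        return new DbCredentials(jdbcUrl, s.path("username").asText(), s.path("password").asText());
    }

    private static DbCredentials credentials() throws IOException {
        DbCredentials c = creds;
        if (c == null) {
            String json = SECRETS.getSecretValue(
                    GetSecretValueRequest.builder().secretId(SECRET_ID).build()).secretString();
            c = parseSecret(json);
            creds = c;
        }
        return c;
    }

    /** Writes one row to the configured table; the event is assumed to carry "id" and "payload". */
    public String handleInputFeed(Map<String, String> input, Context context) throws Exception {
        // The table name comes from configuration, never from the event, and is whitelisted;
        // the event values are bound as parameters so the event cannot inject SQL.
        if (TABLE == null || !TABLE.matches("[A-Za-z0-9_]+")) {
            throw new IllegalStateException("DB_TABLE is unset or not a plain identifier");
        }
        DbCredentials c = credentials();
        String sql = "INSERT INTO " + TABLE + " (id, payload) VALUES (?, ?)";
        try (Connection conn = DriverManager.getConnection(c.jdbcUrl, c.username, c.password);
             PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, input.get("id"));
            ps.setString(2, input.get("payload"));
            int rows = ps.executeUpdate();
            context.getLogger().log("inserted rows=" + rows);
            return "OK";
        } catch (SQLException e) {
            // Log the class of failure only; never echo the credentials or the full URL.
            context.getLogger().log("db write failed: " + e.getSQLState());
            throw e;
        }
    }
}
```

Two points worth checking when this fails: a timeout on GetSecretValue almost always means the endpoint's security group does not allow 443 from the Lambda security group (or private DNS is off on the endpoint, so the hostname resolves to the public IP, which a private subnet without NAT cannot reach), while a connection refusal on the JDBC URL points at the RDS security group or the peering route tables. The footnote's regional-endpoint caveat is already satisfied here because Secrets Manager is a regional service and the client is pinned with .region().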

Disclaimer: the technical posts on this site follow the CC BY-SA 4.0 license; if you need to republish, please cite this site's URL or the original address. For any questions contact: yoyou2525@163.com.
