[英]Storing and passing credentials to AWS Lambda from Bitbucket
The problem description: I have a python code in Bitbucket which is deployed to the AWS to be executed as a lambda function.问题描述:我在 Bitbucket 中有一个 python 代码,它被部署到 AWS 以作为 lambda ZC1C425268E68385D1ABZA49 执行。 The setup is based on this guide: https://bitbucket.org/blog/aws-lambda-deployments-using-bitbucket-pipelines-and-pipes
设置基于本指南: https://bitbucket.org/blog/aws-lambda-deployments-using-bitbucket-pipelines-and-pipes
In the python code, I plan to use credentials (eg for the database access), and the source code is obviously a wrong place to store them.在 python 代码中,我计划使用凭据(例如用于数据库访问),而源代码显然是存储它们的错误位置。
What is a recommended storage place and way of passing credentials to the lambda function?将凭证传递给 lambda function 的推荐存储位置和方法是什么?
Should it be Bitbucket's repository variables?应该是 Bitbucket 的存储库变量吗? If yes, then how do I pass them to the lambda function's code?
如果是,那么我如何将它们传递给 lambda 函数的代码?
Or should it be AWS Lambda environment variables?还是应该是 AWS Lambda 环境变量? Same question then.
那么同样的问题。
You could store them in AWS SSM Parameter Store and fetch them at runtime.您可以将它们存储在AWS SSM 参数存储中并在运行时获取它们。
That way you can manage who has access to it.这样你就可以管理谁可以访问它。 Putting it in env variables will display the secret in plain text to anyone that can see it.
将其放入环境变量中将以纯文本形式向任何可以看到它的人显示该秘密。
The way I structure is this:我的结构方式是这样的:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.