
Middy is not getting a secret from Secret Manager in a NodeJS AWS Lambda

I am using Middy to get secrets from Secret Manager in a NodeJS AWS Lambda. I did create a role for the Lambda to gain access to the parameter path, but for some unknown reason the value is not being set in either the context object or the environment variables.

The value of process.env.SSM_PATH is LAMBDA.

This is the code that I am using.

'use strict';

const middy = require('middy');
const { ssm } = require('middy/middlewares');


const handler = async (event, context) => {
    console.log(context);
    console.log(process.env);
    console.log(event);
};

exports.handler = middy(handler).use(ssm({
    setToContext: true,
    paths: {
        'PARAMETER': `/${process.env.SSM_PATH}/PARAMETER`
    }
}));

This is a portion of the policy in IAM for the Lambda.

{
    "permissionsBoundary": {},
    "roleName": "monitor_lambda_role",
    "policies": [
        {
            "document": {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Sid": "",
                        "Effect": "Allow",
                        "Action": "sqs:sendMessage",
                        "Resource": "arn:aws:sqs:us-east-1::signed-resources-sqs"
                    },
                    {
                        "Sid": "",
                        "Effect": "Allow",
                        "Action": "ssm:GetParametersByPath",
                        "Resource": "arn:aws:ssm:us-east-1::parameter/LAMBDA/*"
                    },
                    {
                        "Sid": "",
                        "Effect": "Allow",
                        "Action": "kms:Decrypt",
                        "Resource": "arn:aws:ssm:us-east-1::alias/aws/ssm"
                    }
                ]
            },
            "name": "InlinePolicy",
            "arn": "arn:aws:iam:::policy/InlinePolicy"
        }
    ]
}

Could it be that, because the Lambda runs asynchronously, it doesn't wait for the ssm middleware to get the secrets?

I solved my problem.

There are two options for specifying the secrets that you want to read:

paths (object) (optional*): Map of SSM paths to fetch parameters from, where the key is the prefix for the destination name, and value is the SSM path. Example: {paths: {DB_: '/dev/service/db'}}

names (object) (optional*): Map of parameters to fetch from SSM, where the key is the destination, and value is param name in SSM. Example: {names: {DB_URL: '/dev/service/db_url'}}

In my particular case, I should use the names option.
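The difference between the two options, as an added example that is not part of the original post and is not Middy's source code: an in-memory model of a by-path lookup (only parameters below the path) versus a by-name lookup (exact match). The store contents, the function names and the destination naming rule for `paths` (prefix plus the remainder, uppercased, with `/` turned into `_`) are assumptions made for illustration.

```javascript
'use strict';

// Constructed sample store standing in for SSM Parameter Store.
const STORE = {
  '/LAMBDA/PARAMETER': 'leaf-value',
  '/LAMBDA/db/url': 'postgres://example.invalid/app',
  '/LAMBDA/db/user': 'app_user',
};

// Models a by-path query: it returns parameters *below* the path,
// never a parameter whose full name equals the path itself.
function getParametersByPath(store, path) {
  const prefix = path.endsWith('/') ? path : `${path}/`;
  return Object.keys(store)
    .filter((name) => name.startsWith(prefix))
    .map((name) => ({ Name: name, Rest: name.slice(prefix.length), Value: store[name] }));
}

// Models a by-name query: exact parameter names only.
function getParameters(store, names) {
  return names
    .filter((name) => Object.prototype.hasOwnProperty.call(store, name))
    .map((name) => ({ Name: name, Value: store[name] }));
}

// `paths`: key is a destination prefix (naming rule below is an assumption).
function resolvePaths(store, paths) {
  const out = {};
  for (const [destPrefix, path] of Object.entries(paths)) {
    for (const p of getParametersByPath(store, path)) {
      out[destPrefix + p.Rest.replace(/\//g, '_').toUpperCase()] = p.Value;
    }
  }
  return out;
}

// `names`: key is the full destination name, value is the exact parameter name.
function resolveNames(store, names) {
  const out = {};
  const found = getParameters(store, Object.values(names));
  for (const [dest, name] of Object.entries(names)) {
    const hit = found.find((p) => p.Name === name);
    if (hit) out[dest] = hit.Value;
  }
  return out;
}

// The question's configuration, with SSM_PATH = LAMBDA:
console.log(resolvePaths(STORE, { PARAMETER: '/LAMBDA/PARAMETER' })); // nothing below a leaf
console.log(resolveNames(STORE, { PARAMETER: '/LAMBDA/PARAMETER' })); // exact match
```

With `names`, the lookup is a `GetParameters` call, so the Lambda role needs `ssm:GetParameters` on the parameter's ARN; the policy excerpt in the question shows only `ssm:GetParametersByPath`.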
