UNPKG

cdk-secret-manager-wrapper-layer

Version:

that Lambda layer uses a wrapper script to fetch information from Secrets Manager and create environmental variables. > idea from [source](https://github.com/aws-samples/aws-lambda-environmental-variables-from-aws-secrets-manager)

github.com/neilkuan/cdk-secret-manager-wrapper-layer

neilkuan/cdk-secret-manager-wrapper-layer

71 lines 7.25 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); const aws_cdk_lib_1 = require("aws-cdk-lib"); const aws_iam_1 = require("aws-cdk-lib/aws-iam"); const aws_lambda_1 = require("aws-cdk-lib/aws-lambda"); const aws_secretsmanager_1 = require("aws-cdk-lib/aws-secretsmanager"); const index_1 = require("./index"); const env = { region: process.env.CDK_DEFAULT_REGION, account: process.env.CDK_DEFAULT_ACCOUNT, }; const mockApp = new aws_cdk_lib_1.App(); const stack = new aws_cdk_lib_1.Stack(mockApp, 'testing-stack', { env }); /** * Example create an Secret for testing. */ const secret = new aws_secretsmanager_1.CfnSecret(stack, 'MySecret', { secretString: JSON.stringify({ KEY1: 'VALUE1', KEY2: 'VALUE2', KEY3: 'VALUE3', }), }); const lambdaArchitecture = aws_lambda_1.Architecture.ARM_64; const layer = new index_1.SecretManagerWrapperLayer(stack, 'SecretManagerWrapperLayer', { lambdaArchitecture, }); const lambda = new aws_lambda_1.Function(stack, 'fn', { runtime: aws_lambda_1.Runtime.PYTHON_3_13, code: aws_lambda_1.Code.fromInline(` import os def handler(events, contexts): env = {} env['KEY1'] = os.environ.get('KEY1', 'Not Found') env['KEY2'] = os.environ.get('KEY2', 'Not Found') env['KEY3'] = os.environ.get('KEY3', 'Not Found') return env `), handler: 'index.handler', layers: [layer.layerVersion], timeout: aws_cdk_lib_1.Duration.minutes(1), /** * you need to define this 4 environment various. */ environment: { AWS_LAMBDA_EXEC_WRAPPER: '/opt/get-secrets-layer', SECRET_REGION: stack.region, SECRET_ARN: secret.ref, API_TIMEOUT: '5000', }, architecture: lambdaArchitecture, }); /** * Add Permission for lambda get secret value from secret manager. */ lambda.role.addToPrincipalPolicy(new aws_iam_1.PolicyStatement({ effect: aws_iam_1.Effect.ALLOW, actions: ['secretsmanager:GetSecretValue'], // Also you can use find from context. resources: [secret.ref], })); /** * For Testing. */ const FnUrl = lambda.addFunctionUrl({ authType: aws_lambda_1.FunctionUrlAuthType.NONE, }); new aws_cdk_lib_1.CfnOutput(stack, 'FnUrl', { value: FnUrl.url, }); //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW50ZWcuaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvaW50ZWcuaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFBQSw2Q0FBOEQ7QUFDOUQsaURBQThEO0FBQzlELHVEQUFvRztBQUNwRyx1RUFBMkQ7QUFDM0QsbUNBQW9EO0FBQ3BELE1BQU0sR0FBRyxHQUFHO0lBQ1YsTUFBTSxFQUFFLE9BQU8sQ0FBQyxHQUFHLENBQUMsa0JBQWtCO0lBQ3RDLE9BQU8sRUFBRSxPQUFPLENBQUMsR0FBRyxDQUFDLG1CQUFtQjtDQUN6QyxDQUFDO0FBQ0YsTUFBTSxPQUFPLEdBQUcsSUFBSSxpQkFBRyxFQUFFLENBQUM7QUFDMUIsTUFBTSxLQUFLLEdBQUcsSUFBSSxtQkFBSyxDQUFDLE9BQU8sRUFBRSxlQUFlLEVBQUUsRUFBRSxHQUFHLEVBQUUsQ0FBQyxDQUFDO0FBRTNEOztHQUVHO0FBQ0gsTUFBTSxNQUFNLEdBQUcsSUFBSSw4QkFBUyxDQUFDLEtBQUssRUFBRSxVQUFVLEVBQUU7SUFDOUMsWUFBWSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUM7UUFDM0IsSUFBSSxFQUFFLFFBQVE7UUFDZCxJQUFJLEVBQUUsUUFBUTtRQUNkLElBQUksRUFBRSxRQUFRO0tBQ2YsQ0FBQztDQUNILENBQUMsQ0FBQztBQUVILE1BQU0sa0JBQWtCLEdBQUcseUJBQVksQ0FBQyxNQUFNLENBQUM7QUFFL0MsTUFBTSxLQUFLLEdBQUcsSUFBSSxpQ0FBeUIsQ0FBQyxLQUFLLEVBQUUsMkJBQTJCLEVBQUU7SUFDOUUsa0JBQWtCO0NBQ25CLENBQUMsQ0FBQztBQUVILE1BQU0sTUFBTSxHQUFHLElBQUkscUJBQVEsQ0FBQyxLQUFLLEVBQUUsSUFBSSxFQUFFO0lBQ3ZDLE9BQU8sRUFBRSxvQkFBTyxDQUFDLFdBQVc7SUFDNUIsSUFBSSxFQUFFLGlCQUFJLENBQUMsVUFBVSxDQUFDOzs7Ozs7OztLQVFuQixDQUFDO0lBQ0osT0FBTyxFQUFFLGVBQWU7SUFDeEIsTUFBTSxFQUFFLENBQUMsS0FBSyxDQUFDLFlBQVksQ0FBQztJQUM1QixPQUFPLEVBQUUsc0JBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDO0lBQzVCOztPQUVHO0lBQ0gsV0FBVyxFQUFFO1FBQ1gsdUJBQXVCLEVBQUUsd0JBQXdCO1FBQ2pELGFBQWEsRUFBRSxLQUFLLENBQUMsTUFBTTtRQUMzQixVQUFVLEVBQUUsTUFBTSxDQUFDLEdBQUc7UUFDdEIsV0FBVyxFQUFFLE1BQU07S0FDcEI7SUFDRCxZQUFZLEVBQUUsa0JBQWtCO0NBQ2pDLENBQUMsQ0FBQztBQUVIOztHQUVHO0FBQ0gsTUFBTSxDQUFDLElBQUssQ0FBQyxvQkFBb0IsQ0FDL0IsSUFBSSx5QkFBZSxDQUFDO0lBQ2xCLE1BQU0sRUFBRSxnQkFBTSxDQUFDLEtBQUs7SUFDcEIsT0FBTyxFQUFFLENBQUMsK0JBQStCLENBQUM7SUFDMUMsc0NBQXNDO0lBQ3RDLFNBQVMsRUFBRSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUM7Q0FDeEIsQ0FBQyxDQUNILENBQUM7QUFFRjs7R0FFRztBQUNILE1BQU0sS0FBSyxHQUFHLE1BQU0sQ0FBQyxjQUFjLENBQUM7SUFDbEMsUUFBUSxFQUFFLGdDQUFtQixDQUFDLElBQUk7Q0FDbkMsQ0FBQyxDQUFDO0FBRUgsSUFBSSx1QkFBUyxDQUFDLEtBQUssRUFBRSxPQUFPLEVBQUU7SUFDNUIsS0FBSyxFQUFFLEtBQUssQ0FBQyxHQUFHO0NBQ2pCLENBQUMsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IEFwcCwgU3RhY2ssIENmbk91dHB1dCwgRHVyYXRpb24gfSBmcm9tICdhd3MtY2RrLWxpYic7XG5pbXBvcnQgeyBFZmZlY3QsIFBvbGljeVN0YXRlbWVudCB9IGZyb20gJ2F3cy1jZGstbGliL2F3cy1pYW0nO1xuaW1wb3J0IHsgRnVuY3Rpb24sIFJ1bnRpbWUsIENvZGUsIEZ1bmN0aW9uVXJsQXV0aFR5cGUsIEFyY2hpdGVjdHVyZSB9IGZyb20gJ2F3cy1jZGstbGliL2F3cy1sYW1iZGEnO1xuaW1wb3J0IHsgQ2ZuU2VjcmV0IH0gZnJvbSAnYXdzLWNkay1saWIvYXdzLXNlY3JldHNtYW5hZ2VyJztcbmltcG9ydCB7IFNlY3JldE1hbmFnZXJXcmFwcGVyTGF5ZXIgfSBmcm9tICcuL2luZGV4JztcbmNvbnN0IGVudiA9IHtcbiAgcmVnaW9uOiBwcm9jZXNzLmVudi5DREtfREVGQVVMVF9SRUdJT04sXG4gIGFjY291bnQ6IHByb2Nlc3MuZW52LkNES19ERUZBVUxUX0FDQ09VTlQsXG59O1xuY29uc3QgbW9ja0FwcCA9IG5ldyBBcHAoKTtcbmNvbnN0IHN0YWNrID0gbmV3IFN0YWNrKG1vY2tBcHAsICd0ZXN0aW5nLXN0YWNrJywgeyBlbnYgfSk7XG5cbi8qKlxuICogRXhhbXBsZSBjcmVhdGUgYW4gU2VjcmV0IGZvciB0ZXN0aW5nLlxuICovXG5jb25zdCBzZWNyZXQgPSBuZXcgQ2ZuU2VjcmV0KHN0YWNrLCAnTXlTZWNyZXQnLCB7XG4gIHNlY3JldFN0cmluZzogSlNPTi5zdHJpbmdpZnkoe1xuICAgIEtFWTE6ICdWQUxVRTEnLFxuICAgIEtFWTI6ICdWQUxVRTInLFxuICAgIEtFWTM6ICdWQUxVRTMnLFxuICB9KSxcbn0pO1xuXG5jb25zdCBsYW1iZGFBcmNoaXRlY3R1cmUgPSBBcmNoaXRlY3R1cmUuQVJNXzY0O1xuXG5jb25zdCBsYXllciA9IG5ldyBTZWNyZXRNYW5hZ2VyV3JhcHBlckxheWVyKHN0YWNrLCAnU2VjcmV0TWFuYWdlcldyYXBwZXJMYXllcicsIHtcbiAgbGFtYmRhQXJjaGl0ZWN0dXJlLFxufSk7XG5cbmNvbnN0IGxhbWJkYSA9IG5ldyBGdW5jdGlvbihzdGFjaywgJ2ZuJywge1xuICBydW50aW1lOiBSdW50aW1lLlBZVEhPTl8zXzEzLFxuICBjb2RlOiBDb2RlLmZyb21JbmxpbmUoYFxuaW1wb3J0IG9zXG5kZWYgaGFuZGxlcihldmVudHMsIGNvbnRleHRzKTpcbiAgICBlbnYgPSB7fVxuICAgIGVudlsnS0VZMSddID0gb3MuZW52aXJvbi5nZXQoJ0tFWTEnLCAnTm90IEZvdW5kJylcbiAgICBlbnZbJ0tFWTInXSA9IG9zLmVudmlyb24uZ2V0KCdLRVkyJywgJ05vdCBGb3VuZCcpXG4gICAgZW52WydLRVkzJ10gPSBvcy5lbnZpcm9uLmdldCgnS0VZMycsICdOb3QgRm91bmQnKVxuICAgIHJldHVybiBlbnZcbiAgICBgKSxcbiAgaGFuZGxlcjogJ2luZGV4LmhhbmRsZXInLFxuICBsYXllcnM6IFtsYXllci5sYXllclZlcnNpb25dLFxuICB0aW1lb3V0OiBEdXJhdGlvbi5taW51dGVzKDEpLFxuICAvKipcbiAgICogeW91IG5lZWQgdG8gZGVmaW5lIHRoaXMgNCBlbnZpcm9ubWVudCB2YXJpb3VzLlxuICAgKi9cbiAgZW52aXJvbm1lbnQ6IHtcbiAgICBBV1NfTEFNQkRBX0VYRUNfV1JBUFBFUjogJy9vcHQvZ2V0LXNlY3JldHMtbGF5ZXInLFxuICAgIFNFQ1JFVF9SRUdJT046IHN0YWNrLnJlZ2lvbixcbiAgICBTRUNSRVRfQVJOOiBzZWNyZXQucmVmLFxuICAgIEFQSV9USU1FT1VUOiAnNTAwMCcsXG4gIH0sXG4gIGFyY2hpdGVjdHVyZTogbGFtYmRhQXJjaGl0ZWN0dXJlLFxufSk7XG5cbi8qKlxuICogQWRkIFBlcm1pc3Npb24gZm9yIGxhbWJkYSBnZXQgc2VjcmV0IHZhbHVlIGZyb20gc2VjcmV0IG1hbmFnZXIuXG4gKi9cbmxhbWJkYS5yb2xlIS5hZGRUb1ByaW5jaXBhbFBvbGljeShcbiAgbmV3IFBvbGljeVN0YXRlbWVudCh7XG4gICAgZWZmZWN0OiBFZmZlY3QuQUxMT1csXG4gICAgYWN0aW9uczogWydzZWNyZXRzbWFuYWdlcjpHZXRTZWNyZXRWYWx1ZSddLFxuICAgIC8vIEFsc28geW91IGNhbiB1c2UgZmluZCBmcm9tIGNvbnRleHQuXG4gICAgcmVzb3VyY2VzOiBbc2VjcmV0LnJlZl0sXG4gIH0pLFxuKTtcblxuLyoqXG4gKiBGb3IgVGVzdGluZy5cbiAqL1xuY29uc3QgRm5VcmwgPSBsYW1iZGEuYWRkRnVuY3Rpb25Vcmwoe1xuICBhdXRoVHlwZTogRnVuY3Rpb25VcmxBdXRoVHlwZS5OT05FLFxufSk7XG5cbm5ldyBDZm5PdXRwdXQoc3RhY2ssICdGblVybCcsIHtcbiAgdmFsdWU6IEZuVXJsLnVybCxcbn0pOyJdfQ==